Why does check_session return True when canvas_user is in params?

[lacker]

I was using the require_login decorator and noticed that when people arrived at my app for the first time by clicking a link from a request, it wasn't asking them to allow access, and various pyfacebook calls were failing. I tracked this down to the part of check_session:

   elif 'canvas_user' in params:
        self.uid = params['canvas_user']
   else:
        return False
   return True

In this case there is a canvas_user but we don't have a valid session_key. Shouldn't that mean that check_session returns False, and thus the require_login decorator will redirect the user to allow access?