KeyError in AuthView

Open xi opened this issue 1 year ago • 0 comments

I sometimes see KeyErrors on the line del self.request.session['mfa_user'] in MFAAuthView.form_valid(). This is unexpected because MFAAuthView.user is used immediately before that, and it also uses self.request.session['mfa_user']. So if that key would not exist, this should show up earlier, not in this line.

The only way I can explain this issue is if there is a race condition between two requests. They could both pass the earlier uses of this data, then one removes it from the session and the other raises an issue.

On the other hand, the application where I saw these errors uses javascript from double-cklicking submit buttons. So accidentally triggering this race condition is extremely unlikely.

Oct 03 '24 18:10 xi