Attribute check in CurrentUserMiddleware._del_user?

[vbudovski-alliance]

Is there any reason to not check for the presence of user attribute on GLOBAL_USER before deleting?

[fanglong-alliance]

ah, i was about to raise this again.

current user middleware suppresses other errors (duh)
cause:
_del_user gets called multiple times if exception occurs, process_exception deletes it then process_response tries to delete again
this triggers its own exception and suppressed the original, actual error

[fanglong-alliance]

damn and still here lol

[levic]

• If CurrentUserMiddleware is included twice in the middleware list then you'll also get the same symptom. This is an error and should be flagged instead of ignored.
• If an internal django sub-request is created, then I'm not sure what happens with threading.local() (does django ensure that new local thread storage is created or is it inherited from the original request?) If it's simply inherited then the user will be (erroneously) wiped by the sub-request.

Rather than simply checking for the attribute before clearing these really should have test coverage (of the above 2 situations, and the case where there's an exception) so that we know that it's actually doing what it's supposed to be.

@davecoates is it possible to allocate some time for someone to look at this?

[davecoates]

yep will do

[levic]

Related: if changes are made here then we probably should also change it to support async: https://peps.python.org/pep-0567/ (TLDR: use contextvars.ContextVar instead of threading.local)