Fixed #27009 -- Made update_session_auth_hash() rotate the session key.

author: Tim Graham <timograham@gmail.com> 2016-08-15 19:29:12 -0400
committer: GitHub <noreply@github.com> 2016-08-15 19:29:12 -0400
commit: 7549eb000430192833f05186056d1ae20b0d17ad (patch)
tree: f689e7f769ddb6cb4c32e92d82ee93b1f31c95ff /tests/auth_tests/test_views.py
parent: 937d752d3deabebe60dfbe9ff9823772730f336a (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 3ae0bf4b89..e3b1bd9f5b 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -479,6 +479,7 @@ class SessionAuthenticationTests(AuthViewsTestCase):
         session auth hash after a password change so the session isn't logged out.
         """
         self.login()
+        original_session_key = self.client.session.session_key
         response = self.client.post('/password_change/', {
             'old_password': 'password',
             'new_password1': 'password1',
@@ -486,6 +487,8 @@ class SessionAuthenticationTests(AuthViewsTestCase):
         })
         # if the hash isn't updated, retrieving the redirection page will fail.
         self.assertRedirects(response, '/password_change/done/')
+        # The session key is rotated.
+        self.assertNotEqual(original_session_key, self.client.session.session_key)
 
 
 class LoginTest(AuthViewsTestCase):
author	Tim Graham <timograham@gmail.com>	2016-08-15 19:29:12 -0400
committer	GitHub <noreply@github.com>	2016-08-15 19:29:12 -0400
commit	7549eb000430192833f05186056d1ae20b0d17ad (patch)
tree	f689e7f769ddb6cb4c32e92d82ee93b1f31c95ff /tests/auth_tests/test_views.py
parent	937d752d3deabebe60dfbe9ff9823772730f336a (diff)