test: Small cleanups in SafeSessions code (#29868)

- test: Remove reference to `REDIRECT_TO_LOGIN_ON_SAFE_SESSION_AUTH_FAILURE`,
  since it was removed in commit bd7653aefcd77a/PR #29132.
- docs: Clarify what "work correctly" means for header-logging

openedx/core/djangoapps/safe_sessions/middleware.py

@@ -120,8 +120,9 @@ LOG_REQUEST_USER_CHANGES = getattr(settings, 'LOG_REQUEST_USER_CHANGES', False)
 #      any user id change detected by safe sessions. The headers will provide additional debugging information. The
 #      headers will be logged for all requests up until LOG_REQUEST_USER_CHANGE_HEADERS_DURATION seconds after
 #      the time of the last mismatch. The header details will be encrypted, and only available with the private key.
-# .. toggle_warnings: To work correctly, LOG_REQUEST_USER_CHANGES must be enabled and ENFORCE_SAFE_SESSIONS must be
-#      disabled. Also, SAFE_SESSIONS_DEBUG_PUBLIC_KEY must be set. See
+# .. toggle_warnings: Logging headers of subsequent requests following a mismatch will only work if
+#      LOG_REQUEST_USER_CHANGES is enabled and ENFORCE_SAFE_SESSIONS is disabled; otherwise, only headers of the inital
+#      mismatch will be logged. Also, SAFE_SESSIONS_DEBUG_PUBLIC_KEY must be set. See
 #      https://github.com/edx/edx-platform/blob/master/common/djangoapps/util/log_sensitive.py
 #      for instructions.
 # .. toggle_use_cases: opt_in

openedx/core/djangoapps/safe_sessions/tests/test_middleware.py

@@ -333,7 +333,6 @@ class TestSafeSessionMiddleware(TestSafeSessionsLogMixin, CacheIsolationTestCase
 
     @ddt.data(['text/html', 302], ['', 401])
     @ddt.unpack
-    @override_settings(REDIRECT_TO_LOGIN_ON_SAFE_SESSION_AUTH_FAILURE=False)
     def test_error_with_http_accept(self, http_accept, expected_response):
         self.request.META['HTTP_ACCEPT'] = http_accept
         self.verify_error(expected_response)