diff --git a/openedx/core/djangoapps/safe_sessions/middleware.py b/openedx/core/djangoapps/safe_sessions/middleware.py
index 467fcbb225..d79e92efed 100644
--- a/openedx/core/djangoapps/safe_sessions/middleware.py
+++ b/openedx/core/djangoapps/safe_sessions/middleware.py
@@ -120,8 +120,9 @@ LOG_REQUEST_USER_CHANGES = getattr(settings, 'LOG_REQUEST_USER_CHANGES', False)
 # any user id change detected by safe sessions. The headers will provide additional debugging information. The
 # headers will be logged for all requests up until LOG_REQUEST_USER_CHANGE_HEADERS_DURATION seconds after
 # the time of the last mismatch. The header details will be encrypted, and only available with the private key.
-# .. toggle_warnings: To work correctly, LOG_REQUEST_USER_CHANGES must be enabled and ENFORCE_SAFE_SESSIONS must be
-# disabled. Also, SAFE_SESSIONS_DEBUG_PUBLIC_KEY must be set. See
+# .. toggle_warnings: Logging headers of subsequent requests following a mismatch will only work if
+# LOG_REQUEST_USER_CHANGES is enabled and ENFORCE_SAFE_SESSIONS is disabled; otherwise, only headers of the inital
+# mismatch will be logged. Also, SAFE_SESSIONS_DEBUG_PUBLIC_KEY must be set. See
 # https://github.com/edx/edx-platform/blob/master/common/djangoapps/util/log_sensitive.py
 # for instructions.
 # .. toggle_use_cases: opt_in
diff --git a/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py b/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
index 970818758c..f23773b842 100644
--- a/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
+++ b/openedx/core/djangoapps/safe_sessions/tests/test_middleware.py
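Review bot: The second added line of the `toggle_warnings` text misspells "initial" as `inital`; it should read `# LOG_REQUEST_USER_CHANGES is enabled and ENFORCE_SAFE_SESSIONS is disabled; otherwise, only headers of the initial`. Since this annotation is what an operator reads before enabling request-header logging, it would also help to state what happens when SAFE_SESSIONS_DEBUG_PUBLIC_KEY is not set. Presumably the headers are skipped rather than written unencrypted, but the hunk does not show the logging code, so confirm that before documenting it. The annotation block starts and ends outside this hunk, so the toggle name and default are not visible here.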
@@ -333,7 +333,6 @@ class TestSafeSessionMiddleware(TestSafeSessionsLogMixin, CacheIsolationTestCase
 @ddt.data(['text/html', 302], ['', 401])
 @ddt.unpack
- @override_settings(REDIRECT_TO_LOGIN_ON_SAFE_SESSION_AUTH_FAILURE=False)
 def test_error_with_http_accept(self, http_accept, expected_response):
 self.request.META['HTTP_ACCEPT'] = http_accept
 self.verify_error(expected_response)