Logged-in hint middleware: minor improvement

mamweb/middleware.py

@@ -13,7 +13,7 @@ class LoggedInHintCookieMiddleware(object):
     Note this usually breaks non-GET (POST) requests.
 
     On secure requests: Updates cookie settings.LOGGED_IN_HINT_COOKIE_NAME to reflect
-    whether an user is logged in in the current session (set/clear).
+    whether an user is logged in in the current session (cookie set to 'True' or cleared).
     The cookie is set to expire at the same time as the sessionid cookie.
 
     By default, LOGGED_IN_HINT_COOKIE_NAME = 'logged_in_hint'.
@@ -26,7 +26,7 @@ class LoggedInHintCookieMiddleware(object):
 
     def process_request(self, request):
         if not request.is_secure():
-            if self.cookie_name in request.COOKIES:
+            if self.cookie_name in request.COOKIES and request.COOKIES[self.cookie_name] == 'True':
                 # redirect insecure (assuming http) requests with hint cookie to https
                 url = HttpRequest.build_absolute_uri()
                 assert url[:5] == 'http:'
@@ -36,11 +36,11 @@ class LoggedInHintCookieMiddleware(object):
     def process_response(self, request, response):
         if request.is_secure():
             # assuming full session info (as the conn. is secure), update hint
-            # cookie value is actually irrelevant, here we set 'True'
             if request.user.is_authenticated():
                 expiry = None if request.session.get_expire_at_browser_close() else request.session.get_expiry_date()
                 response.set_cookie(self.cookie_name, value='True', expires=expiry, secure=False)
             else:
+                if self.cookie_name in request.COOKIES:
                     response.delete_cookie(self.cookie_name)
         return response