Accept user as logged in if django session exists, even if shib session is dead

[KonstantinSchubert]

The shib session is managed by a session cookie that expires when the browser is closed.

For low-impact applications this is an unnecessary security measure. Here is the middleware-logic that allows a user to stay logged in while the shibboleth session has already expired:

if request.user.is_authenticated():

cool

return 

else: try: user = auth.authenticate(remote_user=username,meta=request.META) request.user = user auth.login(request,user) except noShibSessionError:

we need to redirect to login

    return 

[KonstantinSchubert]

I'm pretty sure this was implemented in the meantime.