From 9a39b4e573fbc5058089895c4dc3024c8bbe1929 Mon Sep 17 00:00:00 2001
From: Ben Adida <ben@adida.net>
Date: Sun, 5 Dec 2021 18:46:11 +0000
Subject: [PATCH] don't error out if session has been cleared on cast done
 page.

---
 helios/templates/cast_done.html |  2 ++
 helios/views.py                 | 10 +---------
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/helios/templates/cast_done.html b/helios/templates/cast_done.html
index dc40805..f6a3b07 100644
--- a/helios/templates/cast_done.html
+++ b/helios/templates/cast_done.html
@@ -8,10 +8,12 @@
     Congratulations, your vote has been <b><u>successfully cast</u></b>!
 </p>
 
+{% if vote_hash %}
 <p>
   Your smart ballot tracker is:<br /><br />
     <tt style="font-size:1.8em; font-weight: bold; padding-left: 20px;">  {{vote_hash}}</tt>
 </p>
+{% endif %}
 
 {% if logout %}
 <p><b>For your safety, we have logged you out.</b></p>
diff --git a/helios/views.py b/helios/views.py
index f054ecd..57e46e4 100644
--- a/helios/views.py
+++ b/helios/views.py
@@ -776,17 +776,9 @@ def one_election_cast_done(request, election):
     save_in_session_across_logouts(request, 'last_vote_hash', vote_hash)
     save_in_session_across_logouts(request, 'last_vote_cv_url', cv_url)
   else:
-    vote_hash = request.session['last_vote_hash']
-    cv_url = request.session['last_vote_cv_url']
+    vote_hash = request.session.get('last_vote_hash', None)
     logout = False
   
-  # local logout ensures that there's no more
-  # user locally
-  # WHY DO WE COMMENT THIS OUT? because we want to force a full logout via the iframe, including
-  # from remote systems, just in case, i.e. CAS
-  # if logout:
-  #   auth_views.do_local_logout(request)
-  
   # remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
   # include_user is set to False if logout is happening
   return render_template(request, 'cast_done', {'election': election,
-- 
GitLab