Fix SuspiciousOperation issue in middle (#221)

* Fixes SuspiciousOperation issue

* Update CHANGES

* Expire mismatch

`expire` was being pulled from `session` instead of `saml_session`. This mismatch causes an issue when `SESSION_SAVE_EVERY_REQUEST` is `True`.

Author: peterfarrell

CHANGES

@@ -1,6 +1,10 @@
 Changes
 =======
 
+TBD (TBD)
+-------------------
+- Fixed SuspiciousOperation issue in middleware (Issue #220)
+
 0.40.1 (2020-xx-yy)
 -------------------
 - [BugFix] HTTP-REDIRECT Authn Requests with optional signature now works.

djangosaml2/middleware.py

@@ -43,11 +43,11 @@ def process_response(self, request, response):
                 patch_vary_headers(response, ('Cookie',))
             # relies and the global one
             if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty:
-                if request.session.get_expire_at_browser_close():
+                if request.saml_session.get_expire_at_browser_close():
                     max_age = None
                     expires = None
                 else:
-                    max_age = getattr(request, self.cookie_name).get_expiry_age()
+                    max_age = request.saml_session.get_expiry_age()
                     expires_time = time.time() + max_age
                     expires = http_date(expires_time)
                 # Save the session data and refresh the client cookie.