From 59309f8164f6a360017004324495f456844a49ce Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@frappe.io>
Date: Tue, 7 Jan 2025 18:22:23 +0530
Subject: [PATCH] perf: do not validate user on session resume (#29074)

* fix: Consume sid from arguments

* perf: do not validate user on resume

Errr, why would we ever need to validate if user with active session is
"disabled"?

When active user is disabled, their sessions are wiped from cache and DB.
---
 frappe/sessions.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/frappe/sessions.py b/frappe/sessions.py
index 395ffd73d005..ff2794b4e3d4 100644
--- a/frappe/sessions.py
+++ b/frappe/sessions.py
@@ -205,7 +205,9 @@ class Session:
 	__slots__ = ("_update_in_cache", "data", "full_name", "sid", "time_diff", "user", "user_type")
 
 	def __init__(self, user, resume=False, full_name=None, user_type=None):
-		self.sid = cstr(frappe.form_dict.get("sid") or unquote(frappe.request.cookies.get("sid", "Guest")))
+		self.sid = cstr(
+			frappe.form_dict.pop("sid", None) or unquote(frappe.request.cookies.get("sid", "Guest"))
+		)
 		self.user = user
 		self.user_type = user_type
 		self.full_name = full_name
@@ -301,7 +303,6 @@ def resume(self):
 		if data:
 			self.data.update({"data": data, "user": data.user, "sid": self.sid})
 			self.user = data.user
-			self.validate_user()
 			validate_ip_address(self.user)
 		else:
 			self.start_as_guest()