From 221ecd21828c11a800c00a6ec52e93587b7e2a3b Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Wed, 10 Oct 2012 16:36:25 +0100
Subject: [PATCH] Fix session auth

---
 rest_framework/authentication.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/rest_framework/authentication.py b/rest_framework/authentication.py
index f8954428e..ee5bd2f2e 100644
--- a/rest_framework/authentication.py
+++ b/rest_framework/authentication.py
@@ -88,11 +88,14 @@ class SessionAuthentication(BaseAuthentication):
         Returns a :obj:`User` if the request session currently has a logged in user.
         Otherwise returns :const:`None`.
         """
-        user = getattr(request._request, 'user', None)
+
+        # Get the underlying HttpRequest object
+        http_request = request._request
+        user = getattr(http_request, 'user', None)
 
         if user and user.is_active:
             # Enforce CSRF validation for session based authentication.
-            resp = CsrfViewMiddleware().process_view(request, None, (), {})
+            resp = CsrfViewMiddleware().process_view(http_request, None, (), {})
 
             if resp is None:  # csrf passed
                 return (user, None)