davidread/gist:2406466

## gistfile1.diff
diff --git a/ckan/lib/base.py b/ckan/lib/base.py
index b10c980..0dfe78e 100644
--- a/ckan/lib/base.py
+++ b/ckan/lib/base.py
@@ -193,12 +193,20 @@ class BaseController(WSGIController):
                 if cookie.startswith('ckan') and cookie not in ['ckan']:
                     response.delete_cookie(cookie)
                 # Remove the ckan session cookie if not used e.g. logged out
-                elif cookie == 'ckan' and not c.user and not h.are_there_flash_
-                    if session.id:
-                        if not session.get('lang'):
-                            session.delete()
-                    else:
-                        response.delete_cookie(cookie)
+                elif cookie == 'ckan' and not c.user:
+                    # Check session for valid data (including flash messages)
+                    # (DGU also uses session for a shopping basket-type behavio
+                    is_valid_cookie_data = False
+                    for key, value in session.items():
+                        if not key.startswith('_') and value:
+                            is_valid_cookie_data = True
+                            break
+                    if not is_valid_cookie_data:
+                        if session.id:
+                            if not session.get('lang'):
+                                session.delete()
+                        else:
+                            response.delete_cookie(cookie)
                 # Remove auth_tkt repoze.who cookie if user not logged in.
                 elif cookie == 'auth_tkt' and not session.id:
                     response.delete_cookie(cookie)
	diff --git a/ckan/lib/base.py b/ckan/lib/base.py
	index b10c980..0dfe78e 100644
	--- a/ckan/lib/base.py
	+++ b/ckan/lib/base.py
	@@ -193,12 +193,20 @@ class BaseController(WSGIController):
	if cookie.startswith('ckan') and cookie not in ['ckan']:
	response.delete_cookie(cookie)
	# Remove the ckan session cookie if not used e.g. logged out
	- elif cookie == 'ckan' and not c.user and not h.are_there_flash_
	- if session.id:
	- if not session.get('lang'):
	- session.delete()
	- else:
	- response.delete_cookie(cookie)
	+ elif cookie == 'ckan' and not c.user:
	+ # Check session for valid data (including flash messages)
	+ # (DGU also uses session for a shopping basket-type behavio
	+ is_valid_cookie_data = False
	+ for key, value in session.items():
	+ if not key.startswith('_') and value:
	+ is_valid_cookie_data = True
	+ break
	+ if not is_valid_cookie_data:
	+ if session.id:
	+ if not session.get('lang'):
	+ session.delete()
	+ else:
	+ response.delete_cookie(cookie)
	# Remove auth_tkt repoze.who cookie if user not logged in.
	elif cookie == 'auth_tkt' and not session.id:
	response.delete_cookie(cookie)