From f5034e4dbdd5a4e76845d2cda9b44bc5f10ddd6d Mon Sep 17 00:00:00 2001
From: Bharath Madvar <39058743+Bharath420@users.noreply.github.com>
Date: Mon, 30 Mar 2026 09:01:27 -0400
Subject: [PATCH] fix(auth): check hasattr before accessing request.session  
 Fixes #16035

The code was checking hasattr(request, 'session') in the outer if
condition but then accessing request.session in the inner if without
the hasattr check, causing AttributeError on Request objects.

This fix ensures we check hasattr(request, 'session') before
accessing request.session to prevent AttributeError.
---
 packages/google-auth/google/auth/compute_engine/_metadata.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/google-auth/google/auth/compute_engine/_metadata.py b/packages/google-auth/google/auth/compute_engine/_metadata.py
index aae724ab18ee..ad7438dbd6d7 100644
--- a/packages/google-auth/google/auth/compute_engine/_metadata.py
+++ b/packages/google-auth/google/auth/compute_engine/_metadata.py
@@ -174,9 +174,9 @@ def _prepare_request_for_mds(request, use_mtls=False) -> None:
 
     """
     # Only modify the request if mTLS is enabled, and request supports sessions.
-    if use_mtls and hasattr(request, "session"):
+    if use_mtls:
         # Ensure the request has a session to mount the adapter to.
-        if not request.session:
+        if not hasattr(request, "session") or not request.session:
             request.session = requests.Session()
 
         adapter = _mtls.MdsMtlsAdapter()