--- a/devtools/testlib.py	Thu May 22 18:29:50 2014 +0200
+++ b/devtools/testlib.py	Fri May 30 16:36:56 2014 +0200
@@ -203,17 +203,26 @@
         self._repo = repo
         self._login = login
         self.requestcls = requestcls
-        # opening session
-        #
-        # XXX this very hackish code should be cleaned and move on repo.
-        with repo.internal_cnx() as cnx:
-            rset = cnx.execute('CWUser U WHERE U login %(u)s', {'u': login})
-            user = rset.get_entity(0, 0)
+        self._session = self._unsafe_connect(login)
+
+    def _unsafe_connect(self, login, **kwargs):
+        """ a completely unsafe connect method for the tests """
+        # use an internal connection
+        with self._repo.internal_cnx() as cnx:
+            # try to get a user object
+            user = cnx.find('CWUser', login=login).one()
             user.groups
             user.properties
-            self._session = Session(user, repo)
-            repo._sessions[self._session.sessionid] = self._session
-            self._session.user._cw = self._session
+            user.login
+            session = Session(user, self._repo)
+            self._repo._sessions[session.sessionid] = session
+            user._cw = user.cw_rset.req = session
+        with session.new_cnx() as cnx:
+            self._repo.hm.call_hooks('session_open', cnx)
+            # commit connection at this point in case write operation has been
+            # done during `session_open` hooks
+            cnx.commit()
+        return session
 
     @contextmanager
     def repo_cnx(self):

--- a/server/repository.py	Thu May 22 18:29:50 2014 +0200
+++ b/server/repository.py	Fri May 30 16:36:56 2014 +0200
@@ -652,7 +652,7 @@
             return rset.rows
 
     def connect(self, login, **kwargs):
-        """open a connection for a given user
+        """open a session for a given user
 
         raise `AuthenticationError` if the authentication failed
         raise `ConnectionError` if we can't open a connection