Do not reuse requests sessions

poetry/installation/authenticator.py

@@ -29,7 +29,6 @@ class Authenticator(object):
     def __init__(self, config, io=None):  # type: (Config, Optional[IO]) -> None
         self._config = config
         self._io = io
-        self._session = None
         self._credentials = {}
         self._password_manager = PasswordManager(self._config)
 
@@ -45,10 +44,7 @@ def _log(self, message, level="debug"):  # type: (str, str) -> None
 
     @property
     def session(self):  # type: () -> requests.Session
-        if self._session is None:
-            self._session = requests.Session()
-
-        return self._session
+        return requests.Session()
 
     def request(
         self, method, url, **kwargs

poetry/repositories/legacy_repository.py

@@ -187,22 +187,10 @@ def __init__(
         self._authenticator = Authenticator(
             config=config or Config(use_environment=True)
         )
-
-        self._session = CacheControl(
-            self._authenticator.session, cache=FileCache(str(self._cache_dir / "_http"))
-        )
-
+        self._basic_auth = None
         username, password = self._authenticator.get_credentials_for_url(self._url)
         if username is not None and password is not None:
-            self._authenticator.session.auth = requests.auth.HTTPBasicAuth(
-                username, password
-            )
-
-        if self._cert:
-            self._authenticator.session.verify = str(self._cert)
-
-        if self._client_cert:
-            self._authenticator.session.cert = str(self._client_cert)
+            self._basic_auth = requests.auth.HTTPBasicAuth(username, password)
 
         self._disable_cache = disable_cache
 
@@ -214,17 +202,32 @@ def cert(self):  # type: () -> Optional[Path]
     def client_cert(self):  # type: () -> Optional[Path]
         return self._client_cert
 
+    @property
+    def session(self):
+        session = self._authenticator.session
+
+        if self._basic_auth:
+            session.auth = self._basic_auth
+
+        if self._cert:
+            session.verify = str(self._cert)
+
+        if self._client_cert:
+            session.cert = str(self._client_cert)
+
+        return CacheControl(session, cache=FileCache(str(self._cache_dir / "_http")))
+
     @property
     def authenticated_url(self):  # type: () -> str
-        if not self._session.auth:
+        if not self._basic_auth:
             return self.url
 
         parsed = urlparse.urlparse(self.url)
 
         return "{scheme}://{username}:{password}@{netloc}{path}".format(
             scheme=parsed.scheme,
-            username=quote(self._session.auth.username, safe=""),
-            password=quote(self._session.auth.password, safe=""),
+            username=quote(self._basic_auth.username, safe=""),
+            password=quote(self._basic_auth.password, safe=""),
             netloc=parsed.netloc,
             path=parsed.path,
         )

poetry/repositories/pypi_repository.py

@@ -70,15 +70,11 @@ def __init__(self, url="https://pypi.org/", disable_cache=False, fallback=True):
         )
 
         self._cache_control_cache = FileCache(str(release_cache_dir / "_http"))
-        self._session = CacheControl(
-            requests.session(), cache=self._cache_control_cache
-        )
-
         self._name = "PyPI"
 
     @property
     def session(self):
-        return self._session
+        return CacheControl(requests.session(), cache=self._cache_control_cache)
 
     def find_packages(self, dependency):  # type: (Dependency) -> List[Package]
         """