Saturday, February 27, 2016

Re: Session recycling during login times out

The title is misleading; it should probably be "Session recycling stalls during login".

I also noticed that logout stalls.

On Saturday, February 27, 2016 at 3:12:08 PM UTC-5, Stodge wrote:
I'm trying to diagnose a problem where noone can login to my django site. The login attempt times out as NGINX (proxy) gives up waiting for Apache to respond. There are no errors in the logs anywhere. I copied the Django code into my app to debug:

def this_real_login(request, user):
    """
    Persist a user id and a backend in the request. This way a user doesn't
    have to reauthenticate on every request. Note that data set during
    the anonymous session is retained when the user logs in.
    """
    if user is None:
        user = request.user
    # TODO: It would be nice to support different login methods, like signed cookies.
    if SESSION_KEY in request.session:
        if request.session[SESSION_KEY] != user.pk:
            # To avoid reusing another user's session, create a new, empty
            # session if the existing session corresponds to a different
            # authenticated user.
            print("DEBUG: Flushing session")
            request.session.flush()
            print("DEBUG: Flushed session")
    else:
        print("DEBUG: Cycling session")
        request.session.cycle_key()
        print("DEBUG: Cycled session")
    request.session[SESSION_KEY] = user.pk
    request.session[BACKEND_SESSION_KEY] = user.backend
    if hasattr(request, 'user'):
        request.user = user
    print("DEBUG: Rotating token")
    rotate_token(request)
    print("DEBUG: Rotated token")

It appears to stall inside:

     request.session.cycle_key()

Does anyone have any ideas why this might be? I'm scouring this code but I can't see anything amiss.

Thanks

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/7bbc36dd-b467-4390-bf4a-4847896ebb6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)