Saturday, October 22, 2022

Re: login()/logout() with valid user and request not attaching user to session

I figured out the issue. The django_sessions database *does* get updated with entries when a login is successfully attempted. I'm not entirely sure why I initially observed that it wasn't. I may have been checking the wrong database. This is not an issue with django. I have tracked down the underlying issue to be that the cookies and CSRF tokens were not being transmitted on request/responses - this was an issue in my frontend. Now (almost) fixed.

On Sat, Oct 22, 2022 at 11:05 AM Jordan <jordan@axlemobility.com> wrote:
So I have some rather bizarre behavior on my hands - I am trying to use session authentication to login a user. I am able to login/logout through the django admin console just fine. However, when I explicitly call django.contrib.auth.login(), nothing happens. No errors are thrown, the login method executes to completion, but I am not logged in. I can tell because (1) When re-loading the user admin console it asks me to authenticate and (2) no changes are made to the Session object database. It looks exactly the same before the login call as after the login call. 

The same is true of logging out - neither method appears to be attaching/detaching users to sessions. I have replicated this behavior with non-superusers. No errors are ever thrown, but no sessions are ever added or deleted. This is utterly bizarre to me - and I don't know what to do. Any suggestions for debugging would be immensely helpful - obviously authentication is a critical part of our application, and I can't move on until I fix this.

I have uploaded my settings.py in a repo below. Some notes on my configuration - I am using the email field as my username, and am using dj-rest-auth for authentication. There seems to be nothing wrong with dj-rest-auth: when I pass in a valid email/password combination, it successfully calls django's authenticate() method, which creates a valid user object, and then passes it to django.contrib.auth.login() along with the request. No exceptions are thrown inside the login() function - which I verified by stepping through it line-by-line with breakpoints. I am using the default runserver command as my django server. 

Where is the actual code in the login() function that makes changes to the database? The only thing I can think of is that somehow the user_logged_in.send() signal is responsible, but this doesn't appear to be directly attached to any code I can find that could plausibly make database modifications.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/1a73c0d9-da20-4d7e-8d65-50c279ccd5f2n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAJkO6Yz%2BhSVo%2B0TH74AW%3DdyQhpPfBsoYW4Gxcv8cKf%3DEZmEqrA%40mail.gmail.com.

No comments:

Post a Comment