Juergen Schackmann
2014-06-04 11:55:38 UTC
Hi all,
this question refers to this previous
question: https://groups.google.com/forum/#!topic/django-users/8IXEvfU72S4.
However, it seems like the problem is slightly different, I decided to open
a new question:
After my site has been up and running for a while in production, I suddenly
have a problem with my users loging into it.
1. I have protected certain views/pages with the login_required
decorator and I am also using the django admin.
2. When an anonymous user hits any of these pages, he is redirected to
the login page.
3. When this anonymous user adds its credentials, the POST request is
successful and he is redirected to the inital page. At the same time, the
user gets a new sessionid (as expected)
4. However, now the results get very unreliable. When pressing reload or
when navigating to other pages (that require a login), either of the 2
outcomes might happen:
- a) The user is identified and the page is displayed correctly
- b) The user is redirect to the login page.
I have checked the content of the session via the shell, and nothing is
changing there.
The production site is served via a load balancer and 8 application
servers. Even stranger: if I test the same code (with the same settings) on
a test server, that is not load balanced and basically has not traffic,
everything is working fine.
I am running Django 1.6 on Ubuntu with Apache and mod_wsgi in daemon mode
behind SSL and I am using the Session database backend. I am using
django-allauth.account for account management/login. My Session settings
are like this:
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_AGE = 60*60*24
SESSION_COOKIE_SECURE = True
So I have the following questions/ideas?
1. Can this be related to loadbalancing in anyway? My understanding was
that Django does not need sticky sessions, when the DB session backend is
used.
2. Can this be related to a threading issue?
3. Can this be related to high load?
4. Can this be related to a decoding issue:
https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L83.
However, I have not found any log entries that refer to "Session data
corrupted".
Any other hints are welcome.
this question refers to this previous
question: https://groups.google.com/forum/#!topic/django-users/8IXEvfU72S4.
However, it seems like the problem is slightly different, I decided to open
a new question:
After my site has been up and running for a while in production, I suddenly
have a problem with my users loging into it.
1. I have protected certain views/pages with the login_required
decorator and I am also using the django admin.
2. When an anonymous user hits any of these pages, he is redirected to
the login page.
3. When this anonymous user adds its credentials, the POST request is
successful and he is redirected to the inital page. At the same time, the
user gets a new sessionid (as expected)
4. However, now the results get very unreliable. When pressing reload or
when navigating to other pages (that require a login), either of the 2
outcomes might happen:
- a) The user is identified and the page is displayed correctly
- b) The user is redirect to the login page.
I have checked the content of the session via the shell, and nothing is
changing there.
The production site is served via a load balancer and 8 application
servers. Even stranger: if I test the same code (with the same settings) on
a test server, that is not load balanced and basically has not traffic,
everything is working fine.
I am running Django 1.6 on Ubuntu with Apache and mod_wsgi in daemon mode
behind SSL and I am using the Session database backend. I am using
django-allauth.account for account management/login. My Session settings
are like this:
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_AGE = 60*60*24
SESSION_COOKIE_SECURE = True
So I have the following questions/ideas?
1. Can this be related to loadbalancing in anyway? My understanding was
that Django does not need sticky sessions, when the DB session backend is
used.
2. Can this be related to a threading issue?
3. Can this be related to high load?
4. Can this be related to a decoding issue:
https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L83.
However, I have not found any log entries that refer to "Session data
corrupted".
Any other hints are welcome.
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+***@googlegroups.com.
To post to this group, send email to django-***@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2f55c407-a3b2-4a4e-a709-c4bf73669a59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+***@googlegroups.com.
To post to this group, send email to django-***@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/2f55c407-a3b2-4a4e-a709-c4bf73669a59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.