Hello everyone, I am currently trying to debug some weird session handling issues for a Django application (Review Board), which is running on top of mod_python / Apache:
What seems to happen is that authenticated user sessions are leaking and get re-used for new browser sessions that have never authenticated at all and their cookies cleared, i.e., these browser sessions that never authenticated impersonate other users (typically the user that last logged in). I did some preliminary debugging and noticed that the ModPythonRequests in question already come with an authenticated user once they reach Review Board's custom auth middleware [1], which is placed after django.contrib.auth.middleware.AuthenticationMiddleware in the middleware chain. Has someone ever experienced this stange behavior? Any hints how to best debug this issue are much appreciated! Thanks, Thilo [1] https://github.com/reviewboard/reviewboard/blob/master/reviewboard/admin/middleware.py -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.