Yes I agree, but if I understand it right then the article suggests that the issue originates from the single sign-on mechanism, in this case the Django authentication backend. This should be smart enough to handle the multiple sessions.
Anyway I had a hard time finding anything related on the web including a fix. So for future reference, here it is. On Aug 16, 2:35 pm, Konstantin Sushenko <ako...@gmail.com> wrote: > as the article says, their sessions are independent of these used by > the web server. the cookies are not shared between office sessions and > web sessions. I think django has nothing to do with it. > > On Aug 16, 4:04 am, Michel30 <forerunn...@gmail.com> wrote: > > > > > > > > > Hmm the workaround MS suggests actually works, so I have a > > workaround :-) > > > But understanding why Django's authentication backend doesn't support > > this would be good > > > On Aug 16, 9:10 am, Michel30 <forerunn...@gmail.com> wrote: > > > > Addidtionally I found this kb article that I believe describes what is > > > going on:http://support.microsoft.com/kb/899927/en-us > > > > On Aug 16, 8:59 am, Michel30 <forerunn...@gmail.com> wrote: > > > > > I have made a CMS-like application to store and retrieve documents > > > > using Django 1.3, mysql and Apache. > > > > > One requirement was that only authenticated users could use it and > > > > that after closing the browser the session should be expired. > > > > So, I implemented an LDAP authentication backend, set the > > > > "SESSION_EXPIRE_AT_BROWSER_CLOSE" to True and added an @login_required > > > > decorator to functions that need it. > > > > And it is working great, just like it should. > > > > > Until using one feature that involves clicking on a hyperlink that is > > > > supposed to open a document within the application in a browser. > > > > This again works perfectly with every browser (firefix, chrome, IE) in > > > > several flavors of versions. > > > > With working I mean the document view opens, and this is important, as > > > > long as the user was already logged in to the application he/she > > > > doesn't have to log in again. > > > > > It is working until trying this from any office (2000/2003) > > > > application. Then suddenly logging in is required every time > > > > regardless if an session exists or not. > > > > I did some investigating and found that clicking a hyperlink in an > > > > Office application triggers three requests, and it looks like the > > > > first one is missing the session cookie. > > > > Apache log for a hyperlink in Open office: > > > > > 172.16.3.51 - - [15/Aug/2011:11:27:29 +0200] "GET /cgi-bin/DocDB/ > > > > ShowDocument?docid=20916&version=8 HTTP/1.1" 200 3603 "-" "Mozilla/5.0 > > > > (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0" > > > > > and the same document from Word: > > > > > 172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /cgi-bin/DocDB/ > > > > ShowDocument?docid=20916&version=8 HTTP/1.1" 302 496 "-" "Mozilla/4.0 > > > > (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR > > > > 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR > > > > 3.5.30729; .NET4.0C; .NET4.0E)" > > > > > 172.16.3.51 - - [15/Aug/2011:11:26:09 +0200] "GET /login/?next=/ > > > > cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200 > > > > 3269 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/ > > > > 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR > > > > 3.5.30729; .NET4.0C; .NET4.0E)" > > > > > 172.16.3.51 - - [15/Aug/2011:11:26:10 +0200] "GET /login/?next=/ > > > > cgi-bin/DocDB/ShowDocument%3Fdocid%3D20916%26version%3D8 HTTP/1.1" 200 > > > > 3278 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/ > > > > 5.0" > > > > > Note the different status '200 = OK' for OO and '302 Found' for Word. > > > > Also the length of the first returned object differ: 496 vs 3603. > > > > > I am not sure where to point the finger to, or how to proceed and > > > > resolve it... So I'd appreciate some help a lot. > > > > Thanks, > > > > Michel -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
