Hello all, I'm not sure if you discovered the problem, but if you have different types of authentication backends, maybe the problem is on the session objects. Did you do a delete?. See the NOTE in this chapter: https://docs.djangoproject.com/en/1.6/topics/auth/customizing/#specifying-authentication-backends
Hope it helps El dimecres 4 de juny de 2014 6:55:38 UTC-5, Juergen Schackmann va escriure: > > Hi all, > this question refers to this previous question: > https://groups.google.com/forum/#!topic/django-users/8IXEvfU72S4. > However, it seems like the problem is slightly different, I decided to open > a new question: > > After my site has been up and running for a while in production, I > suddenly have a problem with my users loging into it. > > 1. I have protected certain views/pages with the login_required > decorator and I am also using the django admin. > 2. When an anonymous user hits any of these pages, he is redirected to > the login page. > 3. When this anonymous user adds its credentials, the POST request is > successful and he is redirected to the inital page. At the same time, the > user gets a new sessionid (as expected) > 4. However, now the results get very unreliable. When pressing reload > or when navigating to other pages (that require a login), either of the 2 > outcomes might happen: > > > - a) The user is identified and the page is displayed correctly > - b) The user is redirect to the login page. > > I have checked the content of the session via the shell, and nothing is > changing there. > > The production site is served via a load balancer and 8 application > servers. Even stranger: if I test the same code (with the same settings) on > a test server, that is not load balanced and basically has not traffic, > everything is working fine. > > I am running Django 1.6 on Ubuntu with Apache and mod_wsgi in daemon mode > behind SSL and I am using the Session database backend. I am using > django-allauth.account for account management/login. My Session settings > are like this: > > SESSION_COOKIE_HTTPONLY = True > SESSION_COOKIE_AGE = 60*60*24 > SESSION_COOKIE_SECURE = True > > So I have the following questions/ideas? > > 1. Can this be related to loadbalancing in anyway? My understanding was > that Django does not need sticky sessions, when the DB session backend is > used. > > 2. Can this be related to a threading issue? > > 3. Can this be related to high load? > > 4. Can this be related to a decoding issue: > https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L83. > > However, I have not found any log entries that refer to "Session data > corrupted". > > Any other hints are welcome. > > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/a1598521-261d-4efd-b442-9562bedfce1f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
