On Tue, 2009-02-03 at 11:43 -0800, SnappyDjangoUser wrote: > I am having a weird issue in which users are randomly logged out of > the site and redirected to the login page. They must re-enter > credentials before being able to continue browsing the site. The > weird thing is I only see this on my production machine and not on my > development box (both serving via Apache and mod_python, although > different versions. I also have a different mysql database version in > production than on my development box). > > Does anyone have any suggestions on how to debug? I do not know > enough details about how sessions work to know where to start > debugging.
You would need to catch the problem in action. Put some debugging code in to catch the redirect. If you're using something like a login_required decorator, write your own version that captures some debugging information before redirecting. You should be trying to work out why the authorisation check is failing: Is it because the necessary cookie isn't being sent? Is it because the cookie is being sent and the corresponding row in the database isn't being found? Try to think of a few possibilities and log whatever information might be useful to track them down. > > I am using the built-in auth.views import login, login_required, > logout_then_login methods to handle session creation. I am using the > default SESSION_COOKIE_AGE of 2 weeks and I set > SESSION_EXPIRE_AT_BROWSER_CLOSE to True. > > I have looked at the django_session table and the table is small since > the site just launched and there are no expired sessions in the table. > > The weird thing is that I do not see session entires deleted from the > django_session table when the user selects logout (and > auth.views.logout_then_login is called). How are you looking for deletions? By counting the number of entries in the table? Because that wouldn't be valid. Even non-logged in users generate entries in the session table (sessions are not, by themselves, an indication of authentication). So, "deletions", per se, won't really be noticeable in the sessions table unless you have a lot of expired sessions and run some script to delete any expired ones. When a user logs out, the entry for their current session id is deleted and a new entry is created for the new (anonymous user) session more or less at the same time. So the number of entries in the session table won't change. > I also do not see consistent > behavior of session entires being created in django_sessions when the > upon user login (auth.views.login is called). What do you mean by "consistent"? Again, the number of entries in the table won't change when somebody logs in. The value of their session id will change, but the existence or otherwise, since everybody has a session id associated with their interaction with the site. Regards, Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---