Sorry for my recent absence in replies.... I was away from this work for a short while, but I am now back.
In response to Graham's question, I am not running multiple Django applications on the same host. This is one Django app on one host. Malcolm, thank you for the brief introduction to session key generation. I was indeed counting the number of rows in the django_session table and expecting additions and deletions upon login/ logout. I now understand that this is not to be expected. I have tried stepping through the code to catch the problem in action, but have thus far been unable to find where the error is. My site uses the the @login_required() decorator on each method, but for debugging I moved it into my view function and walked through the function calls into the Django code. One thing I noticed is that is_authenticated() in /<path_to_python>/ django/contrib/auth/models.py is hard coded to always return True. I thought this was odd and do not understand the rational. Is there a specific method that performs the authentication that I have overlooked? If someone knows off the top of their head could you point me in the direction of that method? I do want to point out that overrode the authentication and am performing an LDAP authentication on my own instead of using django.contrib.auth.backends. Maybe this is a contributing factor.... Does anyone know if it is necessary to write my own is_authenticated() method since I am doing my own authentication? Thanks, Brian On Feb 3, 6:10 pm, Graham Dumpleton <graham.dumple...@gmail.com> wrote: > On Feb 4, 6:43 am, SnappyDjangoUser <bpwall...@gmail.com> wrote: > > > > > I am having a weird issue in which users are randomly logged out of > > the site and redirected to the login page. They must re-enter > > credentials before being able to continue browsing the site. The > > weird thing is I only see this on my production machine and not on my > > development box (both serving via Apache and mod_python, although > > different versions. I also have a different mysql database version in > > production than on my development box). > > > Does anyone have any suggestions on how to debug? I do not know > > enough details about howsessionswork to know where to start > > debugging. > > > I am using the built-in auth.views import login, login_required, > > logout_then_login methods to handle session creation. I am using the > > default SESSION_COOKIE_AGE of 2 weeks and I set > > SESSION_EXPIRE_AT_BROWSER_CLOSE to True. > > > I have looked at the django_session table and the table is small since > > the site just launched and there are no expiredsessionsin the table. > > > The weird thing is that I do not see session entires deleted from the > > django_session table when the user selects logout (and > > auth.views.logout_then_login is called). I also do not see consistent > > behavior of session entires being created in django_sessions when the > > upon user login (auth.views.login is called). > > > Any guidance would be appreciated. Thanks! > > Are you running multiple Django sites mounted at different URLs under > the same host? > > Used to be the case, not sure now, that the session cookie path would > be set to '/' meaning that you see interference between multiple sites > under same host if they all use login. To avoid this, easiest thing to > do is set SESSION_COOKIE_NAME differently for each site. > > If the sites are not overlapping, could also set SESSION_COOKIE_PATH > to be their actual URL mount point rather than slash. > > Graham --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---