Ok I think I found where the problem lies:

In applications/admin/models/access.py we have this structure:

if request.env.web2py_runtime_gae:
    session_db = DAL('gae')
    session.connect(request, response, db=session_db)
    hosts = (http_host, )
    is_gae = True
else:
    is_gae = False

What it basically does is either connect sessions to a database based on 
GAE or fall back to the default session management (which is file-based if 
I'm not mistaken).

On Heroku, each dyno has its own ephemeral filesystem so admin sessions 
cannot be found from one request to the other.


The underlying problem is that we do not have a variable that tells if we 
are running on Heroku (something like request.env.web2py_runtime_heroku).

I've tried to locate where in the code this variable is set but no luck so 
far. 


I'm thinking of a patch that would look like this:

if request.env.web2py_runtime_gae:
    session_db = DAL('gae')
    session.connect(request, response, db=session_db)
    hosts = (http_host, )
    is_gae = True
elif request.env.web2py_runtime_heroku:
    session_db = ???
    session.connect(request, response, db=session_db)
else:
    is_gae = False

On GAE there has to be only one database so finding where to store sessions 
is easy.

On Heroku on the other hand... you can have multiple PostgreSQL databases 
that can be found in environment variables.

I don't see any way to define a clear rule about which database should 
store sessions.


What do you think?

On Tuesday, November 25, 2014 1:43:21 PM UTC+1, Anthony wrote:
>
>> I checked into my browser's development tools to check cookies and found 
>> that indeed, there are two cookies: session_id_APPNAME and 
>> session_id_admin. These cookies and their values are persistent through 
>> requests, even with multiple dynos.
>>
>> I now wonder about web2py's session management and especially regarding 
>> Auth: *How exactly does it decide whether a user is an existing user or 
>> a new user?*
>>
>
> There are two separate issues -- checking to see if there is a currently 
> active session, and separately checking for login. web2py determines if 
> there is a session by checking for a session cookie and seeing if it has a 
> database record (or file) with a matching session ID. For login, it checks 
> whether there is an "auth" object in the session, and if so, whether it is 
> expired or not.
>
> Can you first determine whether sessions are working (independent of 
> auth/login)? If you save some value to the session, can you retrieve it on 
> subsequent requests? If so, the problem isn't with the session per se, but 
> specifically with Auth. We may need to see some code to figure out what's 
> going on.
>
> Anthony
>
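
One possible rule for choosing the session database in the Heroku branch sketched above, as an added example that is not part of the original message or of web2py's code. It assumes Heroku exposes `DYNO` inside each dyno and `DATABASE_URL` for the primary database; `WEB2PY_SESSION_DB_URL`, `on_heroku` and `pick_session_db_var` are hypothetical names introduced here.

```python
import re

# Heroku names additional Postgres add-ons HEROKU_POSTGRESQL_<COLOR>_URL.
_COLOR_URL = re.compile(r"^HEROKU_POSTGRESQL_[A-Z]+_URL$")
# Hypothetical override variable (an assumption; not defined by web2py or Heroku).
OVERRIDE_VAR = "WEB2PY_SESSION_DB_URL"


class AmbiguousSessionDB(RuntimeError):
    """No single database can be chosen for session storage."""


def on_heroku(env):
    # Assumption: Heroku sets DYNO (for example "web.1") inside each dyno.
    return bool(env.get("DYNO"))


def pick_session_db_var(env):
    """Return the NAME of the variable holding the session DB URL.

    Returns None off Heroku, so the caller keeps file-based sessions.
    The name is returned instead of the URL because the URL embeds the
    database password and should not end up in logs or tracebacks.
    """
    if not on_heroku(env):
        return None
    if env.get(OVERRIDE_VAR):
        return OVERRIDE_VAR          # operator's explicit choice wins
    if env.get("DATABASE_URL"):
        return "DATABASE_URL"        # Heroku's primary database
    colors = sorted(k for k in env if _COLOR_URL.match(k) and env[k])
    if len(colors) == 1:
        return colors[0]             # exactly one candidate: unambiguous
    # Fail closed rather than guess; report variable names only.
    raise AmbiguousSessionDB(
        "set %s; candidates: %s" % (OVERRIDE_VAR, ", ".join(colors) or "none"))


# In access.py the Heroku branch would then read (web2py objects assumed):
#   name = pick_session_db_var(os.environ)
#   if name:
#       session_db = DAL(os.environ[name])
#       session.connect(request, response, db=session_db)
```

Raising on ambiguity keeps the admin app from silently writing session records into whichever database happens to sort first.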
