Re: Admin stuck at login page

Tom,

First let me say "thanks!" for all the good info on session cookies. I must admit that I've had little reason to-date to learn much about them. This helped.

It would appear that something is certainly amiss in this area, but I can't nail down what exactly. If you have additional time to invest in this, I'll post here the info I was able to glean from it all.

Steps taken:

1. Purged my database table "django_session" again.
2. Loaded the login page for the admin (https://local.utexas.edu:8000/apps/bus/certs/admin/)
• Checked that a session rec was created on the table (4bfa24...).
• Checked the SC cookie on Firebug (4bfa24...). By the way, this also shows "local.utexas.edu" in the "Domain" column.
3. Attempted login
• Saw two cookies created on the table (e440f0... & 23378a...).
• Saw a new SC cookie in Firebug (23378a...).

So it seems that there is some weirdness re: the cookie passing, right?  But I'm a bit confused since the Domain column for the cookie seems to recognized the correct local.utexas.edu domain.  Any thoughts? 

Keith

On Tue, Nov 12, 2013 at 11:15 AM, Tom Evans <tevans.uk@googlemail.com> wrote:

On Tue, Nov 12, 2013 at 4:50 PM, Keith Edmiston <kedmist@gmail.com> wrote:
> Hi Tom,
>
> Thanks for responding.  I'm not using Session Cookies, but instead am using
> Session DB (SESSION_ENGINE = 'django.contrib.sessions.backends.db').
>

I'm not talking about where the session data is stored. If you are
using sessions, you are using cookies.

> Not sure if that really answers your question though.  Can you provide me
> with a best way to verify the session process is working correctly via the
> browser?  I'm not fully certain how to go about doing that.
>
> BTW, I'm using Django 1.4.
>
> Keith

Sessions work by the server assigning the browser a special session id
to persist in a cookie. On subsequent requests, the same session id is
sent back by the browser to the server, and the server can load the
data stored in previous requests from the session backend.

If the browser does not accept the cookie containing the session id
set by the server, then on subsequent requests no session id is sent
to the server and the server cannot load the data stored in previous
requests.

If you were doing this at a login page, the net result would be that
you seem to authenticate correctly, but then are not logged in on
subsequent requests.

An easy way to check this is to use something like Firebug, Chrome
Inspecter etc to load the login page. At this point, django will send
a "Set-Cookie" header, which will have "sessionid" set in it. Note
down what the session id is at this point.
Complete and submit the form, and check in Firebug what "Cookie"
header your browser sent as a request header on that request. If it is
a different value to before, then the session cookies you are setting
are not being respected by the browser.

A typical reason for this happening is if you have configured your
site as being on a particular hostname, but are serving it/accessing
it from a different name. For instance, if your site sends a cookie
for "foo.bloggs.com", but your site is served from "127.0.0.1", then
your browser will not accept the cookie.

Cheers

Tom

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFHbX1KF1Bop9WYDZxFixqo57bxTR3Oi%2B1XzShA8acM%2BjViKjg%40mail.gmail.com.

For more options, visit https://groups.google.com/groups/opt_out.

--
Keith Edmiston
(512)970-7222

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAP_gv7%2B9kOs_YQBiaFRV9KavjUP1-hBV4cTCe2TKd_YeLjuz6g%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.