Django Immediately expiring sessions - django

I'm experiencing an issue with Django and Django Auth. From time to time the login page will not allow users to log in. When the user presses login (on the /admin login form OR any custom login form) the page simply refreshes. After debugging further it seems that it is creating a session and then expiring it (somehow). Has anyone experienced this type of behavior with Django Auth?
Thanks,
cory

I haven't had this problem.
But so, you should check your apps, middleware, and context processor specifications in your settings.py file. You'll want to be sure the following are in place (in addition to whatever else you need for your specific app):
MIDDLEWARE_CLASSES = (
    # ...
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    # ...
)
TEMPLATE_CONTEXT_PROCESSORS = (
    # ...
    "django.core.context_processors.auth",
    "django.core.context_processors.request",
    # ...
)
INSTALLED_APPS = (
    # ...
    'django.contrib.auth',
    'django.contrib.sessions',
    'django.contrib.sites',
    # ...
)
... make sure that's all good to go and see if your problem persists. Good luck.
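Added example, not part of the original answer: a small checker that applies the checklist above to a settings dictionary. It goes beyond the answer by also checking middleware order and two cookie settings (SESSION_COOKIE_SECURE, SESSION_COOKIE_DOMAIN) that make a browser drop the session cookie. The function name, its host/https parameters and the sample settings are assumptions made for this example.

```python
SESSION_MW = "django.contrib.sessions.middleware.SessionMiddleware"
AUTH_MW = "django.contrib.auth.middleware.AuthenticationMiddleware"
REQUIRED_APPS = ("django.contrib.auth", "django.contrib.sessions")


def check_session_settings(settings, host, https):
    """Return a list of problems found in a dict of Django settings."""
    # host and https describe how the login page is actually reached
    # (inputs assumed for this example).
    problems = []
    # Older projects use MIDDLEWARE_CLASSES, newer ones MIDDLEWARE.
    middleware = list(settings.get("MIDDLEWARE")
                      or settings.get("MIDDLEWARE_CLASSES") or ())
    apps = list(settings.get("INSTALLED_APPS") or ())
    for name in (SESSION_MW, AUTH_MW):
        if name not in middleware:
            problems.append("missing middleware: " + name)
    for name in REQUIRED_APPS:
        if name not in apps:
            problems.append("missing app: " + name)
    # AuthenticationMiddleware reads request.session, so the session
    # middleware has to run first.
    if (SESSION_MW in middleware and AUTH_MW in middleware
            and middleware.index(SESSION_MW) > middleware.index(AUTH_MW)):
        problems.append("SessionMiddleware must be listed before AuthenticationMiddleware")
    # A cookie marked Secure is not sent back over plain HTTP, so the
    # next request arrives without a session.
    if settings.get("SESSION_COOKIE_SECURE") and not https:
        problems.append("SESSION_COOKIE_SECURE is set but the site is served over HTTP")
    # A cookie domain that does not cover the host is rejected by the browser.
    domain = (settings.get("SESSION_COOKIE_DOMAIN") or "").lstrip(".")
    if domain and host != domain and not host.endswith("." + domain):
        problems.append("SESSION_COOKIE_DOMAIN does not cover " + host)
    return problems


# Constructed sample settings, not taken from any real project.
SAMPLE = {
    "MIDDLEWARE_CLASSES": ("django.middleware.common.CommonMiddleware",
                           AUTH_MW, SESSION_MW),
    "INSTALLED_APPS": ("django.contrib.auth", "django.contrib.sites"),
    "SESSION_COOKIE_SECURE": True,
    "SESSION_COOKIE_DOMAIN": ".example.com",
}

if __name__ == "__main__":
    for line in check_session_settings(SAMPLE, host="localhost", https=False):
        print(line)
```

An empty list means the settings pass every check; in a real project the dictionary can be built from the values in django.conf.settings.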

Related

Django - Bug with CSRF token (CSRF verification failed. Request aborted)

I'm having a problem with the csrf token on a Django powered site, which I'm close to reporting as a bug.
Problem is basically, CSRF token fails when DEBUG is False. When DEBUG is False, if I'm using sessions for the csrf token (Django 1.11):
CSRF_USE_SESSIONS = True
CSRF_COOKIE_AGE = None
...all forms/post requests on the frontend fail authentication, but I can login fine to the Django admin panel, e.g., csrf token authentication succeeds.
On the other hand, if I'm using cookies for csrf, authentication on the frontend for forms/post requests go through without any problem, but then it fails for the admin login: CSRF verification failed. Request aborted.
Part of my settings.py file looks like this:
import os

SECRET_KEY = os.getenv('DJANGO_SECRET_KEY')
DEBUG = 'DEBUG' in os.environ
# CSRF
# These are commented/uncommented depending on what method I'm testing
# CSRF_USE_SESSIONS = True
# CSRF_COOKIE_AGE = None
# I added the cookie domain setting after I started seeing the problem
# and hoped it would have resolved it; it didn't help.
CSRF_COOKIE_DOMAIN = '.{0}'.format(os.getenv('DOMAIN_NAME', 'mysite.com'))
ALLOWED_HOSTS = [
    '.mysite.com',
    '.mysite.info',
]
if DEBUG:
    ALLOWED_HOSTS.extend(['.mysite.dev'])
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'mainsite',
    'constance',
    'jstemplate',
    'compressor',
]
MIDDLEWARE = [
    'django.middleware.cache.UpdateCacheMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.middleware.gzip.GZipMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.cache.FetchFromCacheMiddleware',
    'mainsite.middleware.Guid',
    'mainsite.middleware.SiteLang',
]
If I set DEBUG to True, I have no issues whatsoever with CSRF token authentication, both on the frontend as with logging into the Django admin panel.
I'm also using Redis as a cache. Am I missing something crucial that is causing this CSRF error? I must point out, there was a point in which I was not getting this error, but I cannot for the life of me pinpoint what change would have created this behavior with the CSRF token.
I also have the same issue.
I solved this by:
1. pip install django-sslserver.
2. Put sslserver in the INSTALLED_APPS.
3. python manage.py runsslserver

Django clear COOKIES sessionid

On my website I have no login system. However, users get sessionid and csrftoken, but I need to clear them up from time to time.
Is there any way that I can delete them manually?
Thanks a lot.
This is because Django enables some middleware by default. This includes the Django CSRF middleware and the Django session middleware. Remove them from your settings.py file:
MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.security.SecurityMiddleware',
)

Urls not redirecting in django

I wanted to redirect some URLs in my Django project.
So I tried using the Django redirects app.
In settings.py:
SITE_ID = 1
INSTALLED_APPS = (
    # ...
    'django.contrib.sites',
    'django.contrib.redirects',
    # ...
)
MIDDLEWARE_CLASSES = (
    # ...
    'django.contrib.redirects.middleware.RedirectFallbackMiddleware',
)
I did syncdb and then added the redirect from admin. Nothing happens.
Is there anything I missed?

Django sessions is not working

I've been trying to find a bug for a few hours now but nothing comes out.
Django gives me this error message when I'm trying to access request.SESSION from a view. No other errors.
'WSGIRequest' object has no attribute 'SESSION'
Here are my Django settings that relate to sessions and authentication. Most of them are set to their defaults.
AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend',)
AUTH_PROFILE_MODULE = 'alkimikis.users.models.UserProfile'
INSTALLED_APPS = ['django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.auth', 'django.contrib.admin', 'alkimikis.users']
MIDDLEWARE_CLASSES = ('django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware')
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
Ideas for solution or deeper debugging? Anyone?
It's request.session. Lower case.
To debug, use the unit test framework. You can then add print statements and see the results.
print request
Very helpful.

django flatpages aren't working

My flatpages relevant options in the settings.py look like this:
MIDDLEWARE_CLASSES = (
    'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
)
INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.admin',
    'django.contrib.flatpages',
    'django.contrib.humanize',
    'registration',
)
and in the backend I added a flatpage with the URL set to "/" and one with "/about/". When I call these pages, Django shows a 404 error. All my flatpages have a unique template. The "Template Name" entries look like this: /flatpages/about.html. What did I miss?
I found it.
I forgot to set the SITE_ID in settings.py correctly.
Do you have a base/default template in place for your flatpages, too? It's easy to miss as the docs don't go into much detail.
Easiest fix is to add /flatpages/default.html to your known templates, basing default.html on the example in the docs.
Or you can point your flatpages to a specific, existing template with the additional options in the admin edit page for a flatpage.
The key statement is changing the SITE_ID in settings.py, which
has nothing to do with flatpages - it is a problem that new users
run into when launching into the 'admin' and adding (say) '127.0.0.1' to
the sites menu (an addition to the default 'example.com').
In trying to get everything else right, it is easy to overlook
making SITE_ID = 2.
Make 'localhost' the default - get rid of the default tripwire.
Glad I came across this!
Bob