2

In my django app, I handle login in the following manner. Users go to a gateway page (index.html) - if they are not currently logged in, there will be a login/password form along with the other material. On successful login (or if they otherwise go to that page while logged in), the page is rendered slightly differently (sans login form).

The way I am handling that is in the view for index.html I do:

logged_in = request.user.is_authenticated()

and then the logged_in variable is passed to the template, which is checked to see which version of the page it renders.

When a user logs in, the login view calls:

user = authenticate(username=username, password=password)
if user is not none:
    login(request, user)

And then they are redirected back to index.html.

More often than not, this works perfectly fine. What I see though is that sometimes between the HttpResponseRedirect and the index view is that request.user is wiped out. I have been logging this for a while now, writing to the log as the last item in the login view and first item in the index view. The effect it has for the user is that it looks like they incorrectly logged in (except w/ no message telling them that).

It does seem to come in spurts, as in the system will be fine for a while, and then I'll see it happen to a user 4-5 times in a row. I should also note that I've never seen/heard of this happening at any point except at the login, as far as I can tell (it is possible that it has happened and no one has complained) once they're in, they're in.

Am I doing something obviously wrong with my login methodology here?

geoffjentry
  • 4,674
  • 3
  • 31
  • 37
  • I don't have server side caching enabled. I have seen things now and then where I needed to use the never_cache decorator to avoid client side caching, but that doesn't seem like it would be the case here (or could it?) – geoffjentry Oct 01 '09 at 17:02
  • I should also note that I never see this using the dev server, only apache w/ mod_python – geoffjentry Oct 01 '09 at 17:12

1 Answers1

1

Apache+Mod Python or WSGI use threads and may pre cache your requests (depends on your conf). So if you changed something in code you have to restart your apache. then the problem should disapear.

jujule
  • 11,125
  • 3
  • 42
  • 63
  • That was one thing I thought of (and restarting the server does seem to fix it if it is getting really bad), but this will happen when the server hasn't been touched (code wise) in weeks. Is it possible to turn off the request caching for Apache/mod_python and/or is it wise to do so? This is a pretty low volume site, so the speed angle isn't a big deal here. – geoffjentry Oct 02 '09 at 13:58