Django sessions abandoned in first tab when clicking link in second
I don't know if this is specific to Django, but it's the 1 site I've experienced it with, and I don't think I'm doing anything special with session data (just using the old-school database backend).
When a user logs in (in tab A) and opens a new tab (tab B) on the same domain, the cookie carries on to the second tab. However, if the user clicks a link in tab B, then either refreshes the tab or clicks a link in the tab, he's instantly logged out.
I've been googling around this issue for ages and have had no luck, so I'd appreciate anyone's help. Apologies if it's a fundamental thing.
MIDDLEWARE_CLASSES = (
    'django.middleware.cache.UpdateCacheMiddleware',
    'bambu.sites.middleware.domainredirectmiddleware',
    'nymbol.utils.middleware.requirehttpsmiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'maintenancemode.middleware.MaintenanceModeMiddleware',
    'bambu.analytics.middleware.analyticsmiddleware',
    'bambu.enqueue.middleware.enqueuemiddleware',
    'bambu.minidetect.middleware.minidetectmiddleware',
    'nymbol.utils.middleware.userplanmiddleware',
    'nymbol.manager.middleware.apilegacymiddleware',
    'django.middleware.cache.FetchFromCacheMiddleware'
)

bambu.sites.middleware.domainredirectmiddleware redirects visitors to the correct domain, as the site has a number of alias domains
nymbol.utils.middleware.requirehttpsmiddleware redirects users of URLs to the SSL versions of the same
maintenancemode.middleware.MaintenanceModeMiddleware displays a 503 message when the site is being deployed after a commit and push
bambu.analytics.middleware.analyticsmiddleware enqueues analytics JavaScript across requests
bambu.enqueue.middleware.enqueuemiddleware allows views and template tags to enqueue CSS and JavaScript
bambu.minidetect.middleware.minidetectmiddleware detects whether the browser is mobile or not
nymbol.utils.middleware.userplanmiddleware stores the payment plan the user is on in the request object (as it governs site-wide permissions)
nymbol.manager.middleware.apilegacymiddleware changes the URL pattern in 1 particular URL (absolutely no bearing on the issue)
It turns out the issue I was having had nothing to do with Django, and was instead due to insecure image URLs being delivered on TLS (SSL basically).
This is a bad explanation of the issue, but it seemed that when the browser - Chrome or Firefox - detected an http:// URL being referenced from a secure URL, it abandoned the session, so the next time I hit refresh or clicked a link, I'd be taken to the login page as the cookie was no longer valid.
As I say, it's not how it's going down, but that's the practical upshot, and correcting the URLs (which is of course best practice anyway) sorted the issue completely.
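One way to find the insecure URLs the answer describes, as an added example that is not part of the original post: a standard-library scanner that reports every subresource on an HTTPS page that resolves to plain http://. The function and class names, the example.com URLs and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attributes that make the browser fetch a subresource.
SUBRESOURCE_ATTRS = {
    "img": ("src", "srcset"), "source": ("src", "srcset"),
    "script": ("src",), "iframe": ("src",), "link": ("href",),
}

class MixedContentFinder(HTMLParser):
    """Collect subresource URLs that resolve to http:// on an https:// page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, attribute, resolved URL)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        if tag == "link" and not {"stylesheet", "icon"} & set(rel):
            return  # canonical/alternate links are not fetched as subresources
        for name, value in attrs:
            if name not in SUBRESOURCE_ATTRS.get(tag, ()) or not value:
                continue
            # srcset holds comma-separated "URL descriptor" candidates.
            parts = value.split(",") if name == "srcset" else [value]
            for url in (p.split()[0] for p in parts if p.strip()):
                # urljoin resolves relative and protocol-relative (//host) URLs.
                resolved = urljoin(self.page_url, url)
                if urlsplit(resolved).scheme == "http":
                    self.findings.append((self.getpos()[0], tag, name, resolved))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only arises on pages served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not from the original post).
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/static/site.css">
<link rel="canonical" href="http://example.com/dashboard/">
</head><body>
<img src="http://example.com/media/logo.png">
<img src="//example.com/media/banner.png">
<script src="http://cdn.example.com/app.js"></script>
</body></html>"""
```

Calling find_mixed_content("https://example.com/dashboard/", SAMPLE_HTML) reports the hard-coded http:// image and script, while the relative stylesheet and the protocol-relative image pass because they inherit the page's scheme.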