When running two Django projects at the same time, one of the two users is dropped

Asked

Viewed 136 times

-1

I am working on two projects that share the same database, and so the same users, but they are two different projects on different servers.

The point is that when accessing both at the same time (both locally and on the server), the user of the project that is not being accessed is logged in and it is necessary to log in again.

Thus, it is more a question about how Django’s authentication system works in this case, if it uses some browser variable or something and so does not support both at the same time. I’ve researched but I’m not quite sure how to research this situation.

Project 1 - Django 1.10.1 and Project 2 - Django 2.2.1

Both are using the same middleware (I don’t know much about it, I used the standards)

MIDDLEWARE_CLASSES = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
python django login browser
  • 1

    What middleware applications are using?

  • @Andersoncarloswoss edited the question and added the middleware, the two projects are using the same

  • 2

    The Django persist the logged user information in the database (table django_session) and whether how the applications are sharing is well capable of one being "sabotaging" the other. Take a test with the login in each version and check what is registered in the table.

1 answer

0

By default, as it is in Giovanni’s comment, user login and session information is stored in the database by Django’s Session middleware. As they are the same database, and without any additional config, and an unexpected use (unlike, for example, the same user being logged in from different browsers on the same system - a much more common case), the middleware is nesting.

Looking quickly at Django’s code, it seems that the part that invalidates the Session of another system in the same bank will be this thingy here:


        except Exception as e:
            # ValueError, SuspiciousOperation, unpickling exceptions. If any of
            # these happen, just return an empty dictionary (an empty session).
            if isinstance(e, SuspiciousOperation):
                logger = logging.getLogger('django.security.%s' % e.__class__.__name__)
                logger.warning(str(e))
            return {}

(in django.contrib.session.backends.base.py ~line 110) - If you look at the logs of the systems you should see the Warning logged in above. )

Apparently this is not an expected scenario even in Django - Session’s middleware does not provide a way to change the table name used by the bank, for example. If on one of the systems you can switch from bank sessions to another type - with the configuration of the Session engine, should solve your problem.

If you want to keep Session on the bench for both of us, the remedy will be to create your own Session.engine class, inheriting precisely from django.contrib.sessions.backends.db.SessionStore - and in your inherited class, you modify the method get_model_class for a another class you should inherit from from django.contrib.sessions.models.Session - and in your Session inherited, you change the information of Meta.db_table. Aí você aponta para o módulo, dentro do seu projeto, onde criou a nova classeSessionstorena configuraçãoSESSION_ENGINE` of your Settings.

In short, within your project, a file that will look something like:

from django.contrib.sessions.backends.db import SessionStore as BaseSessionStore
from django.contrib.sessions.models import Session as BaseSession

class Session(BaseSession):
    class Meta(BaseSession.Meta):
         db_table = "sistema_y_django_session"


class SessionStore(BaseSessionStore):
    @classmethod
    def get_model_class(cls):
        return Session

And point that file at SESSION_ENGINE

Browser other questions tagged python django login browser

You are not signed in. Login or sign up in order to post.