new session ID is created for every request from IE 7

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

new session ID is created for every request from IE 7

humble-3

Hi,

I am writing a web application that involves session management with
the corporate backend module. I wrote my own authentication backend
plugin to satisfy the corporate requirement, not the default
authentication backend. I use file based session engine to avoid
sqlite crap. Everything works fine in firefox and chrome. But it seems
to be a problem with IE: response includes a new session ID (actually
a test cookie) for each request from IE. It seems IE never sends back
the previous cookie given by the server in subsequent request. Check
in /tmp/ (where I store all session files), I see the previous session
file is replaced with a new empty session file.

Looking in to contrib.session.middleware.py confirms
"request.session.session_key" is different for each request. However,
this only happens when I use IE.  I configured IE 7 to allow cookies,
so it does not reject cookies from django. What might be the problem?
Has any one seen this issue before?

Thanks
-h
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: new session ID is created for every request from IE 7

Malcolm Tredinnick

On Wed, 2009-08-12 at 19:21 -0700, humble wrote:

> Hi,
>
> I am writing a web application that involves session management with
> the corporate backend module. I wrote my own authentication backend
> plugin to satisfy the corporate requirement, not the default
> authentication backend. I use file based session engine to avoid
> sqlite crap. Everything works fine in firefox and chrome. But it seems
> to be a problem with IE: response includes a new session ID (actually
> a test cookie) for each request from IE. It seems IE never sends back
> the previous cookie given by the server in subsequent request. Check
> in /tmp/ (where I store all session files), I see the previous session
> file is replaced with a new empty session file.
>
> Looking in to contrib.session.middleware.py confirms
> "request.session.session_key" is different for each request. However,
> this only happens when I use IE.  I configured IE 7 to allow cookies,
> so it does not reject cookies from django. What might be the problem?
> Has any one seen this issue before?

I've seen it before when the domain being used for the cookie wasn't a
valid domain name. Browsers have blacklists of sets of domains that they
won't accept/send cookies for and they typically won't allow you to set
a cookie for .com, say.

That might be the problem in this case.

Regards,
Malcolm


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: new session ID is created for every request from IE 7

humble-3

Hi Malcolm

Thanks for your suggestion. I did to try using a FQDN to configure IE
for cookies. I am still seeing requests coming in from IE do not carry
a cookie......

What am I doing wrong?

On Aug 12, 9:48 pm, Malcolm Tredinnick <[hidden email]>
wrote:

> On Wed, 2009-08-12 at 19:21 -0700, humble wrote:
> > Hi,
>
> > I am writing a web application that involves session management with
> > the corporate backend module. I wrote my own authentication backend
> > plugin to satisfy the corporate requirement, not the default
> > authentication backend. I use file based session engine to avoid
> > sqlite crap. Everything works fine in firefox and chrome. But it seems
> > to be a problem with IE: response includes a new session ID (actually
> > a test cookie) for each request from IE. It seems IE never sends back
> > the previous cookie given by the server in subsequent request. Check
> > in /tmp/ (where I store all session files), I see the previous session
> > file is replaced with a new empty session file.
>
> > Looking in to contrib.session.middleware.py confirms
> > "request.session.session_key" is different for each request. However,
> > this only happens when I use IE.  I configured IE 7 to allow cookies,
> > so it does not reject cookies from django. What might be the problem?
> > Has any one seen this issue before?
>
> I've seen it before when the domain being used for the cookie wasn't a
> valid domain name. Browsers have blacklists of sets of domains that they
> won't accept/send cookies for and they typically won't allow you to set
> a cookie for .com, say.
>
> That might be the problem in this case.
>
> Regards,
> Malcolm
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: new session ID is created for every request from IE 7

Florian Schweikert

I have a similar problem with FF and Etch (with Django 1.0 and 1.1
tested).
Works when running on my notebook (Ubuntu 9.10a4 with Django 1.1).
I'm using Apache/mod_python.

On 13 Aug., 23:07, humble <[hidden email]> wrote:

> Hi Malcolm
>
> Thanks for your suggestion. I did to try using a FQDN to configure IE
> for cookies. I am still seeing requests coming in from IE do not carry
> a cookie......
>
> What am I doing wrong?
>
> On Aug 12, 9:48 pm, Malcolm Tredinnick <[hidden email]>
> wrote:
>
> > On Wed, 2009-08-12 at 19:21 -0700, humble wrote:
> > > Hi,
>
> > > I am writing a web application that involves session management with
> > > the corporate backend module. I wrote my own authentication backend
> > > plugin to satisfy the corporate requirement, not the default
> > > authentication backend. I use file based session engine to avoid
> > > sqlite crap. Everything works fine in firefox and chrome. But it seems
> > > to be a problem with IE: response includes a new session ID (actually
> > > a test cookie) for each request from IE. It seems IE never sends back
> > > the previous cookie given by the server in subsequent request. Check
> > > in /tmp/ (where I store all session files), I see the previous session
> > > file is replaced with a new empty session file.
>
> > > Looking in to contrib.session.middleware.py confirms
> > > "request.session.session_key" is different for each request. However,
> > > this only happens when I use IE.  I configured IE 7 to allow cookies,
> > > so it does not reject cookies from django. What might be the problem?
> > > Has any one seen this issue before?
>
> > I've seen it before when the domain being used for the cookie wasn't a
> > valid domain name. Browsers have blacklists of sets of domains that they
> > won't accept/send cookies for and they typically won't allow you to set
> > a cookie for .com, say.
>
> > That might be the problem in this case.
>
> > Regards,
> > Malcolm

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: new session ID is created for every request from IE 7

Florian Schweikert

Tested without apache on the server, seems to work.
I think my problem has another reason.

On Aug 19, 1:05 pm, Kelvan <[hidden email]> wrote:

> I have a similar problem with FF and Etch (with Django 1.0 and 1.1
> tested).
> Works when running on my notebook (Ubuntu 9.10a4 with Django 1.1).
> I'm using Apache/mod_python.
>
> On 13 Aug., 23:07, humble <[hidden email]> wrote:
>
> > Hi Malcolm
>
> > Thanks for your suggestion. I did to try using a FQDN to configure IE
> > for cookies. I am still seeing requests coming in from IE do not carry
> > a cookie......
>
> > What am I doing wrong?
>
> > On Aug 12, 9:48 pm, Malcolm Tredinnick <[hidden email]>
> > wrote:
>
> > > On Wed, 2009-08-12 at 19:21 -0700, humble wrote:
> > > > Hi,
>
> > > > I am writing a web application that involves session management with
> > > > the corporate backend module. I wrote my own authentication backend
> > > > plugin to satisfy the corporate requirement, not the default
> > > > authentication backend. I use file based session engine to avoid
> > > > sqlite crap. Everything works fine in firefox and chrome. But it seems
> > > > to be a problem with IE: response includes a new session ID (actually
> > > > a test cookie) for each request from IE. It seems IE never sends back
> > > > the previous cookie given by the server in subsequent request. Check
> > > > in /tmp/ (where I store all session files), I see the previous session
> > > > file is replaced with a new empty session file.
>
> > > > Looking in to contrib.session.middleware.py confirms
> > > > "request.session.session_key" is different for each request. However,
> > > > this only happens when I use IE.  I configured IE 7 to allow cookies,
> > > > so it does not reject cookies from django. What might be the problem?
> > > > Has any one seen this issue before?
>
> > > I've seen it before when the domain being used for the cookie wasn't a
> > > valid domain name. Browsers have blacklists of sets of domains that they
> > > won't accept/send cookies for and they typically won't allow you to set
> > > a cookie for .com, say.
>
> > > That might be the problem in this case.
>
> > > Regards,
> > > Malcolm
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: new session ID is created for every request from IE 7

Maksymus007
In reply to this post by humble-3

On Thu, Aug 13, 2009 at 4:21 AM, humble<[hidden email]> wrote:

>
> Hi,
>
> I am writing a web application that involves session management with
> the corporate backend module. I wrote my own authentication backend
> plugin to satisfy the corporate requirement, not the default
> authentication backend. I use file based session engine to avoid
> sqlite crap. Everything works fine in firefox and chrome. But it seems
> to be a problem with IE: response includes a new session ID (actually
> a test cookie) for each request from IE. It seems IE never sends back
> the previous cookie given by the server in subsequent request. Check
> in /tmp/ (where I store all session files), I see the previous session
> file is replaced with a new empty session file.
>
> Looking in to contrib.session.middleware.py confirms
> "request.session.session_key" is different for each request. However,
> this only happens when I use IE.  I configured IE 7 to allow cookies,
> so it does not reject cookies from django. What might be the problem?
> Has any one seen this issue before?

IE requires your domain to have at least 2 parts - so you cannot set,
for example, cookie.domain like .application even such a domain is
valid in your network.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: new session ID is created for every request from IE 7

Florian Schweikert
In reply to this post by Florian Schweikert

Setting SESSION_ENGINE to 'django.contrib.sessions.backends.cached_db'
in Django 1.1 solved my problem.
Sorry for my "spam".

On Aug 19, 2:03 pm, Kelvan <[hidden email]> wrote:

> Tested without apache on the server, seems to work.
> I think my problem has another reason.
>
> On Aug 19, 1:05 pm, Kelvan <[hidden email]> wrote:
>
> > I have a similar problem with FF and Etch (with Django 1.0 and 1.1
> > tested).
> > Works when running on my notebook (Ubuntu 9.10a4 with Django 1.1).
> > I'm using Apache/mod_python.
>
> > On 13 Aug., 23:07, humble <[hidden email]> wrote:
>
> > > Hi Malcolm
>
> > > Thanks for your suggestion. I did to try using a FQDN to configure IE
> > > for cookies. I am still seeing requests coming in from IE do not carry
> > > a cookie......
>
> > > What am I doing wrong?
>
> > > On Aug 12, 9:48 pm, Malcolm Tredinnick <[hidden email]>
> > > wrote:
>
> > > > On Wed, 2009-08-12 at 19:21 -0700, humble wrote:
> > > > > Hi,
>
> > > > > I am writing a web application that involves session management with
> > > > > the corporate backend module. I wrote my own authentication backend
> > > > > plugin to satisfy the corporate requirement, not the default
> > > > > authentication backend. I use file based session engine to avoid
> > > > > sqlite crap. Everything works fine in firefox and chrome. But it seems
> > > > > to be a problem with IE: response includes a new session ID (actually
> > > > > a test cookie) for each request from IE. It seems IE never sends back
> > > > > the previous cookie given by the server in subsequent request. Check
> > > > > in /tmp/ (where I store all session files), I see the previous session
> > > > > file is replaced with a new empty session file.
>
> > > > > Looking in to contrib.session.middleware.py confirms
> > > > > "request.session.session_key" is different for each request. However,
> > > > > this only happens when I use IE.  I configured IE 7 to allow cookies,
> > > > > so it does not reject cookies from django. What might be the problem?
> > > > > Has any one seen this issue before?
>
> > > > I've seen it before when the domain being used for the cookie wasn't a
> > > > valid domain name. Browsers have blacklists of sets of domains that they
> > > > won't accept/send cookies for and they typically won't allow you to set
> > > > a cookie for .com, say.
>
> > > > That might be the problem in this case.
>
> > > > Regards,
> > > > Malcolm
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---