authentication switching mid-session
|Reported by:||Chris Curvey||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When my Django system is under heavy load (system CPU > 90%), I start getting complaints to users that their authentication changes in the middle of a session. For example:
1) Bob logs in to the site. The site says "Hello Bob" at the top of each page.
2) Bob uses the site for a while without incident
3) Bob notices that the top of the page now says "Hello Steve".
The problem is intermittent, and I can't duplicate it (but I have seen it with my own eyes). I'm running Django 1.2.5 on Windows, with SessionMiddleware installed. I have django.contrib.sessions in my INSTALLED_APPS, and I believe that I'm using database-backed sessions, with a MySQL database.
The only "odd" thing that I'm doing is that I have four instances of Apache running, with my Django app running via mod_wsgi in each of them. There is another apache server in front that does load-balancing, so multiple requests from a single user may get routed to different apache instances (which is what I want, to get maximum throughput on Ajax calls). But I thought that having the sessions be database-backed would deal with this (multiple session requests can hit the database at the same time).
Any thoughts? I'm sorry this is such a lousy, unrepeatable case.