Code

Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#1758 closed defect (worksforme)

When logged in admin I got a 'user tampered with session cookie' exception.

Reported by: b-pennington@… Owned by: adrian
Component: contrib.admin Version: master
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I was logged into my admin continuously without using it for about an hour. When I finally got back to the admin panel I got a 'User Tampered With Session Cookie'. Clearing cookies fixed the problem.

Attachments (0)

Change History (7)

comment:1 Changed 8 years ago by jacob

  • Resolution set to invalid
  • Status changed from new to closed

Without more details I can't reproduce this; there's quite a bit of stuff (proxies, IP changes, changes to your code...) that could have triggered the message.

comment:2 Changed 8 years ago by anonymous

  • Resolution invalid deleted
  • Status changed from closed to reopened
  • Version changed from magic-removal to 0.91

I got this when my sysadmin updated apache. Same thing happened on the admin page. The only change was apache. I had to fix it by getting rid of the checks in django, which is very very bad. I do not know what else to do.

comment:3 Changed 8 years ago by Malcolm Tredinnick <malcolm@…>

In response to the last comment: did this happen repeatedly after the Apache upgrade? Even after clearing cookies in your browser? If so, that is a problem.

But if it just happened the once and then clearing cookies fixed it, that isn't a Django problem. It just means that something major like upgrading Apache might require logging in again. That isn't a common occurrence and not really worth working around (or even possible to do so).

comment:4 Changed 8 years ago by adrian

  • Resolution set to worksforme
  • Status changed from reopened to closed

Closing. See previous comment.

comment:5 Changed 8 years ago by kaczmarek.krzysztof@…

  • Version changed from 0.91 to SVN

I have the same problem. Clearing cookies doesn't fix this problem. What can I do?

comment:6 Changed 8 years ago by anonymous

I can get this message by logging into the admin system then modifying the SECRET_KEY setting in settings.py.

Clearing the cookie definitely works in this case (using Firefox 2.0.0.1)

comment:7 Changed 7 years ago by dazer017@…

I can reproduce this problem, although it seems not to be a django problem:

i use mod_python to run django in an apache web server. There is also php4 installed as module on the same server.

If i disable the php4 module, django works with mod_python. When the php module is enabled again, the same error persists.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.