session middleware claims user tampered with session cookie
|Reported by:||Michael Soulier <msoulier@…>||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
I am using the latest stable release of Django, 0.96, on CentOS Linux 4.6 with PostgreSQL postgresql-7.4.13-2.RHEL4.1.
I have had problems maintaining session persistence so I dropped some debug code into the session middleware, and found this:
INFO:django-teleworker:Session key is f26b6104bc3d7fa04311857265c3d3c5
session was in cache
failed to pull session from db, making new one
err = User tampered with session cookie.
django.contrib.sessions.models.Session.get_decoded is raising a SuspiciousOperation exception. It's not clear why.
>>> from django.contrib.sessions.models import Session >>> q = Session.objects.all() >>> for s in q: ... print s.get_decoded() ... Traceback (most recent call last): File "<console>", line 2, in ? File "/var/tmp/django-0.96.2-root/usr/lib/python2.3/site-packages/django/contrib/sessions/models.py", line 82, in get_decoded SuspiciousOperation: User tampered with session cookie.
As things are I may have to remove this check to get things working. I looked in the trunk in SVN and this code doesn't seem any different.
Change History (5)
comment:1 Changed 8 years ago by Michael Soulier <msoulier@…>
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset