Opened 16 years ago
Closed 16 years ago
#7418 closed (worksforme)
session middleware claims user tampered with session cookie
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | contrib.sessions | Version: | 0.96 |
Severity: | Keywords: | ||
Cc: | spage@… | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I am using the latest stable release of Django, 0.96, on CentOS Linux 4.6 with PostgreSQL postgresql-7.4.13-2.RHEL4.1.
I have had problems maintaining session persistence so I dropped some debug code into the session middleware, and found this:
INFO:django-teleworker:Session key is f26b6104bc3d7fa04311857265c3d3c5
session was in cache
failed to pull session from db, making new one
err = User tampered with session cookie.
django.contrib.sessions.models.Session.get_decoded is raising a SuspiciousOperation exception. It's not clear why.
>>> from django.contrib.sessions.models import Session >>> q = Session.objects.all() >>> for s in q: ... print s.get_decoded() ... Traceback (most recent call last): File "<console>", line 2, in ? File "/var/tmp/django-0.96.2-root/usr/lib/python2.3/site-packages/django/contrib/sessions/models.py", line 82, in get_decoded SuspiciousOperation: User tampered with session cookie.
As things are I may have to remove this check to get things working. I looked in the trunk in SVN and this code doesn't seem any different.
Change History (5)
comment:1 by , 16 years ago
comment:2 by , 16 years ago
This seems relevant.
http://code.djangoproject.com/wiki/ModPython
And this
http://tjulo.blogspot.com/2007/03/problems-with-md5-and-modpython.html
comment:3 by , 16 years ago
I just patched the session middleware to use sha instead of md5, and it seems to be working.
comment:5 by , 16 years ago
Resolution: | → worksforme |
---|---|
Status: | new → closed |
I can't reproduce this on trunk. Please reopen if you have more details that help reproduce the problem.
For some reason, the md5 sums aren't matching.