Get logged out while editing
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | Ubuntu Developer Portal |
High
|
Michael Hall | ||
Bug Description
I regularly get logged out when editing takes longer. First signs of this usually are "can't create plugin", when trying to add a link or picture. Sometimes I get the DjangoCMS login field.
When this happens, all changes are lost.
Related branches
- Nicholas Skaggs (community): Approve on 2015-05-18
- Ubuntu App Developer site developers: Pending requested 2015-05-18
-
Diff: 14 lines (+4/-0)1 file modifieddeveloper_portal/middleware.py (+4/-0)
| Changed in developer-ubuntu-com: | |
| importance: | Undecided → High |
| status: | New → Triaged |
| Changed in developer-ubuntu-com: | |
| assignee: | nobody → Michael Hall (mhall119) |
| Daniel Holbach (dholbach) wrote : | #1 |
| Daniel Holbach (dholbach) wrote : | #2 |
<dholbach> mhall119, do you know why developer.u.c sometimes logs me out while editing?
<mhall119> dholbach_: yes and no
dholbach_: I'm 99% sure it logs you out because of the middle ware we use to delete session cookies (this was needed to make the china cache efficient, as it stores a copy per cookie)
<mhall119> this should only happen for not-logged-in users though, and the middleware checks for the existance of a user associated with the request to make sure it doesn't delete their cookies
<dholbach_> do we need a bug report for this?
maybe we have one already?
<mhall119> now, I'm > 50% sure that some redirects within DjangoCMS are being triggered before the user is attached to the request object, and so the middleware deletes your session cookie when that happens
<mhall119> dholbach_: I don't think we do, but please file one and assign it to me
| Michael Hall (mhall119) wrote : | #3 |
Most likely due to the cache-friendly middleware we created to strip session cookies from non-logged-in user responses.
I need to check that this middleware is actually worth having, and if so I will need to make it more careful about when it delete the cookie.
| Changed in developer-ubuntu-com: | |
| status: | Triaged → In Progress |
| tags: | added: site-dev |
| Daniel Holbach (dholbach) wrote : | #4 |
Is this already solved?
| David Callé (davidc3) wrote : | #5 |
I think so, yes
| Changed in developer-ubuntu-com: | |
| status: | In Progress → Fix Released |


Not sure if it helps to debug, but when it happens, I sometimes get this issue too:
Forbidden (403)
CSRF verification failed. Request aborted.
More information is available with DEBUG=True.