I restred a Django application I was working on previously and when I
tried to login to the admin section, I received this error:
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/django/core/handlers/base.py" in
get_response
74. response = callback(request, *callback_args, **callback_kwargs)
File
"/usr/lib/python2.4/site-packages/django/views/generic/date_based.py" in
archive_index
39. }, context_processors)
File "/usr/lib/python2.4/site-packages/django/template/context.py" in
__init__
97. self.update(processor(request))
File
"/usr/lib/python2.4/site-packages/django/core/context_processors.py" in auth
17. return {
File
"/usr/lib/python2.4/site-packages/django/contrib/auth/middleware.py" in
__get__
9. user_id = request.session[SESSION_KEY]
File
"/usr/lib/python2.4/site-packages/django/contrib/sessions/middleware.py"
in __getitem__
18. return self._session[key]
File
"/usr/lib/python2.4/site-packages/django/contrib/sessions/middleware.py"
in _get_session
57. self._session_cache = s.get_decoded()
File
"/usr/lib/python2.4/site-packages/django/contrib/sessions/models.py" in
get_decoded
55. raise SuspiciousOperation, "User tampered with session cookie."
SuspiciousOperation at /iblog/
User tampered with session cookie.
What exactly is the meaning of this and what would cause this error?
Apache virtual host settings, insufficient or misconfigured file
permissions?
It seems it has something to do with Apache configuration, becuase I
don't have that problem when I run Django development web server
I have seen this error when I was working on myDomainOne and then
started the same app under myDomainTwo.
I've heard that the problem might be related to md5 hashing (someone
just recently posted it here in the groups with the same error
message). I looked at the django code and that where that error message
is thrown and it seemed to confirm that, but I don't know why this
happens.
Could there be a bug with mod_python? I simply don't know, but would
appreciate someone more experienced looking into it.
I suspect that it is. I've run into the same problem when I
inadvertently changed the SECRET_KEY setting.
Joseph
another solution might be something along the lines of the patch I posted
earlier[3] - but of course, I don't know whether or when this will make it in
into django ;)
[1] http://www.ietf.org/rfc/rfc1321.txt
[2] http://modpython.org/pipermail/mod_python/2006-June/021482.html
[3]
http://groups.google.com/group/django-users/browse_thread/thread/eeb44c894342d6f7/4b951b6d3a8644dd
--
cheers,
Nikl
Nikl
hmm, i don't know exactly what to do here, as I haven't tampered with
anything. I'll try to recreate the project (extra work, but maybe it'll
work)
If this is a problem with mod_python in Ubuntu, I'll have to switch back
to FC5 where things 'worked'.
What happens when you clear out your sessions table?
FYI, there's nothing about Ubuntu versus mod_python that would/could
cause this (I use both).
Jacob
Hmm, I don't want to modify the framework code and start creating this
sort of workarounds since I use django-trunk...
I guess I'll have to wait until this problem is resolved, though I
thought Django was for developers with deadlines :)
Well, this makes me a little cautious in using the framework for my web
development. Sad, 'cause I liked it. But I'll dig for more info and try
to find a solution
000000000abcebfdaff71c28a368d8bd
When I log in using the development server, I can login successfully and
the session_key I see is:
6b668c51d7d4fddd89c14e14e0569417
These are obviously very different, particularly the 0s in the beginning
of the session_key from mod_python.
One common thing that I noticed between your current problem (which
looks a lot like Nikolaus Shlemm's md5 sum problem) and the original
problem Nikolaus demonstrated on the mod_python list is that you are
both using a reasonably recent Ubuntu installation. No idea why that
will contribute (or even if it is a differentiating factor), but it's
something to note.
Malcolm
Hi, Malcolm
Yes, I noticed that too. Perhaps it would be good if I tested this
behaviour on another distro, but I don't want to resetup my development
machine again. Maybe someone with a distro other than Ubuntu Dapper
could compare the session_keys in django_sessions table with mod_python
as well as builtin server, and see if this is also happening.
Patrick
> Malcolm Tredinnick wrote:
>> [quoted text muted]
>
> Hi, Malcolm
>
> Yes, I noticed that too. Perhaps it would be good if I tested this
> behaviour on another distro, but I don't want to resetup my development
> machine again. Maybe someone with a distro other than Ubuntu Dapper
> could compare the session_keys in django_sessions table with mod_python
> as well as builtin server, and see if this is also happening.
>
> Patrick
>
>
>
Well, I reinstalled Fedora Core 5 and setup django-trunk. There is no
problem with FC5, so I suspect that there's something wrong with Ubuntu
Dapper here.
Here's my session_key after logging into admin using mod_python:
21d78b3bd4da4a79bd7f02c038c0707d
On Ubuntu Dapper php5 seems to be the culprit. If you disable php5
(sudo a2dismod php5) you will discover that mod_python suddenly starts
calculating md5 properly and this bug will disappear.
A bug report has been filed with Ubuntu, so hopefully they will fix it
soon.
https://launchpad.net/distros/ubuntu/+source/libapache2-mod-python/+bug/54135
cheers,
Anton