A picturesque authentication problem ONLY in Google Chrome


Rogerio Carrasqueira

Jun 8, 2023, 2:49:18 PM
to django...@googlegroups.com
Hello All!

All good? I'm running an application in Django 1.4.22 and for some days I've been facing some difficulties for my users to access the restricted area of my site. It so happens that I have the site running on the main domain www.dominio.com.br and the restricted area on app.dominio.com.br, both running on https, and so far everything is fine.

When the user tries to access the restricted area through the main domain, he enters the site www.dominio.com.br and clicks on a link that redirects to the restricted area in the subdomain app.dominio.com.br, but he cannot log in: he puts in the username and password and returns to the initial login page, and it does not authenticate.

After some tests, I verified that if I go to Chrome's privacy settings, I can delete the cookie for the domain in question, after the removal of domain cookie information and if the user accesses directly via app.domain.com.br, without going through the main site www.dominio.com.br, can log in successfully. Now, if you go through the main site afterwards, you can no longer log in to the restricted area, you must delete the cookie again in the Google Chrome settings.

In other browsers this problem does not happen, including in other browsers of the Chromium family, such as Brave, Vivaldi and even Micro$oft's own.

Has anyone gone through a similar problem?

Awaiting help from a kind soul

Cheers!

Rogério Carrasqueira



Fabio C. Barrionuevo da Luz

Jun 8, 2023, 3:14:37 PM
to django...@googlegroups.com
Try to define the SESSION_COOKIE_DOMAIN on your settings.py

SESSION_COOKIE_DOMAIN=".dominio.com.br"

https://docs.djangoproject.com/en/4.2/ref/settings/#session-cookie-domain
https://django.readthedocs.io/en/1.4.X/ref/settings.html#session-cookie-domain

That said, Django 1.4.22 was released 8 years ago, and most likely, there were a lot of fixes between Django 1.4 and 4.2 LTS, including several security fixes for major flaws, so even if you manage to solve this particular problem, perhaps you should consider starting planning to port this system to newer versions of Python and Django.

If you need help with this, Labcodes can help you in migrating and structuring your project to be more maintainable in the long term.

You can contact us by contact at labcodes.com.br and mention my name.







--
Fábio C. Barrionuevo da Luz
Palmas - Tocantins - Brasil - América do Sul


Collaborative blog about Python and related technologies, maintained entirely at https://github.com/pythonclub/pythonclub.github.io .

Everyone is free to publish. Just fork it, write your post and send a pull request. Read more about how to publish in README.md and contributing.md.
Basic posting rule:
Do "you" find it interesting? Is it useful to "you"? Can it be used with Python or is it useful to people who use Python? What are you waiting for? Publish it now, I can't wait to read it...

Rogério Carrasqueira

Jun 8, 2023, 3:28:35 PM
to Django users
Hello Fabio,

Thanks for your reply, this must be considered on both sites or only in subdomain?

Thanks again!

Rogerio Carrasqueira

Jun 8, 2023, 3:47:10 PM
to django...@googlegroups.com
Placed on both files:

SESSION_COOKIE_DOMAIN = '.mailerweb.com.br'

CSRF_COOKIE_DOMAIN = '.mailerweb.com.br'
CSRF_TRUSTED_ORIGINS = ['*.mailerweb.com.br']

Nothing happened

Rogério Carrasqueira
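
An added example, not code from anyone in this thread: a small model of browser cookie scoping (RFC 6265 domain matching) that shows which "sessionid" cookies reach app.dominio.com.br before and after SESSION_COOKIE_DOMAIN is set. The cookie values are constructed, all paths are assumed to be "/", and expiry and the Secure flag are ignored.

```python
# Added example. Cookie values are constructed; paths are assumed to be "/".

def parse_set_cookie(origin_host, header):
    """Parse one Set-Cookie value into the fields that decide its scope."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    opts = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        opts[key.strip().lower()] = val.strip()
    domain = opts.get("domain", "").lstrip(".").lower()
    return {"name": name, "value": value, "path": opts.get("path", "/"),
            "host_only": not domain,          # no Domain attribute: exact host only
            "domain": domain or origin_host.lower()}

def store(jar, origin_host, header):
    """Browsers key stored cookies by (name, domain, path); same key overwrites."""
    c = parse_set_cookie(origin_host, header)
    jar[(c["name"], c["domain"], c["path"])] = c

def sent_to(jar, host):
    """Cookies whose domain scope matches the request host."""
    host = host.lower()
    return [c for c in jar.values()
            if host == c["domain"]
            or (not c["host_only"] and host.endswith("." + c["domain"]))]

def duplicate_names(jar, host):
    """Cookie names that reach `host` with more than one value."""
    seen = {}
    for c in sent_to(jar, host):
        seen.setdefault(c["name"], []).append(c["value"])
    return {name: vals for name, vals in seen.items() if len(vals) > 1}

def demo():
    app, www = "app.dominio.com.br", "www.dominio.com.br"
    jar = {}
    # Before the change: each site sets a host-only "sessionid" (Django's default name).
    store(jar, app, "sessionid=old-app; Path=/; Secure; HttpOnly")
    store(jar, www, "sessionid=old-www; Path=/; Secure; HttpOnly")
    before = duplicate_names(jar, app)
    # After SESSION_COOKIE_DOMAIN = ".dominio.com.br" is deployed on www.
    store(jar, www, "sessionid=new; Domain=.dominio.com.br; Path=/; Secure; HttpOnly")
    return before, duplicate_names(jar, app)

if __name__ == "__main__":
    print(demo())
```

A host-only cookie and a domain-wide cookie with the same name are stored under different keys, so the older one stays in the browser until it expires or is deleted, and both values are sent in the same Cookie header.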





Dilmurod Dilmurod

Jun 27, 2023, 8:09:31 AM
to django...@googlegroups.com

Thu, Jun 8, 2023, 23:49 Rogerio Carrasqueira <rogerio.ca...@gmail.com>: