Django session issue with mod_wsgi + apache

[Dipankar B]

Hello,

I am working on Django Aplication . It has almost 350 users right now.

Problem.

Suppose we have a username bob and james.

So, bob logged in and using our Django web application. But Sometimes bob's session is showing james account information. So bob is able to see James private data as we are using session (request.user ) to show user profile data.

I am too much worried about this as it can completely ruin our application.

Can you please tell me what is possible cause to such behavior.

We are using 1.9.6.

Please help.

[Dan Tagg]

Cacheing? 

1. Do Bob's and James's pages have different URLs

2. Have you configured your cacheing. if you are using it, to not reuse components that could be confused?

3. Are you sending the correct cacheing directions to try and make sure caches between your infrastructure and the user's screen are not making the mistake.

D

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/9bb086f2-8d30-4d97-af2c-921610d364df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Wildman and Herring Limited, Registered Office: Sir Robert Peel House, 178 Bishopsgate, London, United Kingdom, EC2M 4NJ, Company no: 05766374

[Dipankar B]

Thanks for reply.

I am using default value for django cache. 

We are building dynamic website so URL should be same for all user. But Session can be used to display dynamic content.

What are reason for such type behavior?

And I am unable to reproduce the issue again.

Please help me.

[James Schneider]

>
> Thanks for reply.
>
> I am using default value for django cache. 
>
> We are building dynamic website so URL should be same for all user. But Session can be used to display dynamic content.
>
> What are reason for such type behavior?
>
> And I am unable to reproduce the issue again.
>

Sometimes cases like this can be attributed to code that is not thread safe and introduces race conditions. It may be that this issue will only appear while the server is under high load.

Can you provide the view for your user profile (or the page you mentioned where you saw the issue) and the template? The relevant urls.py may also be useful.

-James