Development server: cookies not working


fsang

May 5, 2011, 9:02:00 AM
to Django users
Hi,

I am running my Django project on a remote host (with Apache) and on
my current machine (localhost, using "runserver"). Cookies and
sessions work fine when the project is served via Apache from the
remote host. But for some reason all of my browsers reject the
cookies from the development server (127.0.0.1).

I do not have any SESSION_COOKIE_* or other COOKIE*-settings in my
settings.py. I am accessing my local project through 127.0.0.1:8000
(although I've also tried localhost:8000 and
localhost.localdomain:8000). After using Wireshark I was also able to
see that the cookie is
actually being sent, but for some reason neither Firefox nor Chromium
seem to accept it.

The csrftoken-cookie works as expected (locally and with the remote
server).

Can anyone suggest a workaround?


Regards,
Frederik

Tom Evans

May 5, 2011, 12:31:59 PM
to django...@googlegroups.com

If you can see the Set-Cookie header in the responses, but your
browser is not accepting them, verify that the path and domain are
correct in that response. Browsers will ignore cookies for domains
other than the domain serving the page, and for paths other than the
current path and substrings of the current path (as the browser sees
it).

Cheers

Tom

Frederik Vogelsang

May 12, 2011, 8:29:33 AM
to django...@googlegroups.com
Hi,

2011/5/5 Tom Evans <teva...@googlemail.com>:


> If you can see the Set-Cookie header in the responses, but your
> browser is not accepting them, verify that the path and domain are
> correct in that response. Browsers will ignore cookies for domains
> other than the domain serving the page, and for paths other than the
> current path and substrings of the current path (as the browser sees
> it).

The domain definitely is correct. I am not sure about the path because
the cookie is being set for the root (/) path. This is the request and
reply:

POST /search/advanced/ HTTP/1.1
Host: 127.0.0.1:8000
Connection: keep-alive
Referer: http://127.0.0.1:8000/search/advanced/
Content-Length: 149
Cache-Control: max-age=0
Origin: http://127.0.0.1:8000
User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.24
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sessionid=xxx; csrftoken=xxx

csrfmiddlewaretoken=xxx&givenName=foo&surname=

HTTP/1.0 302 FOUND
Date: Thu, 12 May 2011 12:22:50 GMT
Server: WSGIServer/0.1 Python/2.6.5
Vary: Cookie
Content-Type: text/html; charset=utf-8
Location: http://127.0.0.1:8000/search/result/
Set-Cookie: sessionid=xxx; expires=Thu, 26-May-2011 12:22:50 GMT; Max-Age=1209600; Path=/; secure


Any ideas?


Regards,
Frederik

Frederik Vogelsang

May 12, 2011, 8:45:01 AM
to django...@googlegroups.com
Hi,

One quick update: the problem was the Set-Cookie line. I did set
SESSION_COOKIE_SECURE = True in my settings.py; this is why it did not
work with the local server.

Thanks everyone!


Frederik
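
As an added example (not code from the thread or from Django), this Python check applies the Secure, Domain and Path rules discussed above to a Set-Cookie value and a request URL, and reports why a browser would not return the cookie. The names cookie_problems and THREAD_HEADER are chosen here; the header string is the one captured in the thread.

```python
import ipaddress
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def _is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def cookie_problems(set_cookie: str, request_url: str) -> dict:
    """Map each cookie in a Set-Cookie value to the reasons a browser would
    not return it on a request to request_url (empty list = usable)."""
    url = urlsplit(request_url)
    host = (url.hostname or "").lower()
    req_path = url.path or "/"
    jar = SimpleCookie()
    jar.load(set_cookie)
    report = {}
    for name, morsel in jar.items():
        reasons = []
        # Secure: the cookie is only returned over HTTPS.
        if morsel["secure"] and url.scheme != "https":
            reasons.append(f"Secure is set but the request uses {url.scheme}")
        # Domain: absent means host-only. Otherwise the host must equal the
        # domain or be a subdomain of it (IP addresses: exact match only).
        domain = morsel["domain"].lstrip(".").lower()
        if domain and host != domain and (
                _is_ip(host) or not host.endswith("." + domain)):
            reasons.append(f"Domain={domain} does not match host {host}")
        # Path: must be a prefix of the request path ending on a "/" boundary.
        # An absent Path is treated as "/" here, which is a simplification.
        path = morsel["path"] or "/"
        covered = req_path == path or (req_path.startswith(path) and (
            path.endswith("/") or req_path[len(path)] == "/"))
        if not covered:
            reasons.append(f"Path={path} does not cover {req_path}")
        report[name] = reasons
    return report


# Set-Cookie value from the 302 response in the thread (already redacted).
THREAD_HEADER = ("sessionid=xxx; expires=Thu, 26-May-2011 12:22:50 GMT; "
                 "Max-Age=1209600; Path=/; secure")

if __name__ == "__main__":
    print(cookie_problems(THREAD_HEADER, "http://127.0.0.1:8000/search/result/"))
```

For the captured response it reports the Secure attribute as the only problem over http, which matches the SESSION_COOKIE_SECURE = True finding. That setting belongs in the settings used for the HTTPS deployment, with the settings used for runserver overriding it to False.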
