# random
s
Engineering Question: Hello everyone! I am deploying a Django application. For high availability, I have the application deployed on two VMs. After configuring the load balancer (NGINX) for both the VMs, I cannot log in to the admin dashboard. I can access the admin dashboard login page. After entering the password, the page reloads and I see the login page again. I read this message and configured SESSION_COOKIE_NAME on both the VMs to a different value, but now a user has to log in twice if the VM serving the requests changes. Can anyone give me some pointers to work around this issue? The application is using cache backend for session storage. The cache is configured to use a shared Redis database.
f
None of this is Django specific though. How are you validating the cookie or the value stored in the cookie? Maybe the way validation is done at times is decrypting the value from the cookie to match with some record in the db, and if it fails, it means login failed, or otherwise. Now if decryption fails, that means the key to decrypt could be different than what was used for encrypting in the first place (different in both the servers, I meant).
d
In tech, looking at an old post from 2009 is not going to be of a lot of value
Are the docs not helpful? They usually talk about this - https://docs.djangoproject.com/en/4.1/topics/http/sessions/
s
Thanks for your help @famous-hair-69130 and @damp-coat-97256! I finally found a solution for my problem https://stackoverflow.com/a/18248640/7911552
Now if decryption fails, that means, the key to decrypt could be different than what was used for encrypting in the first place (different in both the servers I meant)
this rang a bell in my head regarding Django's SECRET_KEY setting
d
Yeah it’s usually about SECRET_KEY. BTW, in the SO answer they are using cookie storage, don’t use that for your purpose
s
I am using Cache backend for session storage.
w
stuff like this is why people use JWTs, although there are challenges with expiring / logging out all sessions with that
f
ya JWTs come with their own set of problems to deal with. But then what does not come with challenges. 🙂