#random

silly-thailand-99259

09/21/2022, 11:09 AM
Engineering Question: Hello everyone! I am deploying a Django application. For high availability, I have the application deployed on two VMs. After configuring the load balancer (NGINX) for both the VMs, I cannot log in to the admin dashboard. I can access the admin dashboard login page. After entering the password, the page reloads and I see the login page again. I read this message and configured SESSION_COOKIE_NAME on both the VMs to a different value, but now a user has to log in twice if the VM serving the requests changes. Can anyone give me some pointers to work around this issue? The application is using the cache backend for session storage. The cache is configured to use a shared Redis database.

famous-hair-69130

09/21/2022, 11:21 AM
None of this is Django-specific though. How are you validating the cookie or the value stored in the cookie? Maybe the way validation is done at times is decrypting the value from the cookie to match with some record in the db, and if it fails, it means login failed, or otherwise. Now if decryption fails, that means the key to decrypt could be different than what was used for encrypting in the first place (different in both the servers, I meant).

damp-coat-97256

09/21/2022, 11:26 AM
In tech, looking at an old post from 2009 is not going to be of a lot of value.
Are the docs not helpful? They usually talk about this - https://docs.djangoproject.com/en/4.1/topics/http/sessions/

silly-thailand-99259

09/21/2022, 11:28 AM
Thanks for your help @famous-hair-69130 and @damp-coat-97256! I finally found a solution for my problem: https://stackoverflow.com/a/18248640/7911552
"Now if decryption fails, that means, the key to decrypt could be different than what was used for encrypting in the first place (different in both the servers I meant)"
This rang a bell in my head regarding Django's SECRET_KEY setting.

damp-coat-97256

09/21/2022, 11:30 AM
Yeah it’s usually about SECRET_KEY. BTW, in the SO answer they are using cookie storage, don’t use that for your purpose

silly-thailand-99259

09/21/2022, 11:30 AM
I am using Cache backend for session storage.

wide-twilight-82330

09/22/2022, 6:56 AM
stuff like this is why people use JWTs, although there are challenges with expiring / logging out all sessions with that

famous-hair-69130

09/22/2022, 6:58 AM
ya JWTs come with their own set of problems to deal with. But then what does not come with challenges. 🙂