[mod_python] Session problem

Jakub Labath jlabath at gmail.com
Wed Nov 22 19:00:27 EST 2006 

On 11/22/06, Jim Gallacher <jpg at jgassociates.ca> wrote:
> Graham Dumpleton wrote:
> > Bouncing this back to the mailing list where it belongs so everyone can
> > follow along.
> >
> > Jakub Labath wrote ..
> >
> > Hi,
> >
> >> When you say cookies, are these cookies being constructed using Django's
> >> infrastructure for creating them?
> >
> > Correct it's the sessionid cookie created by Django.
> >
> >> Further, is the request object a mod_python
> >> request object or a Django request object wrapper?
> >
> > In the previously attached log the request is Django request.
> > And the modpython request is the actual modpython request.
> >
> > What I found weird is that the same mod_python request serviced two
> > different clients at different times, but perhaps that makes sense for
> > preforked apache.
>
> Just to clarify your terminology, it is the same mod_python *instance*
> servicing 2 different client requests. And no, it is not weird, but
> rather the whole point of mod_python. Well maybe not the *whole* point,
> but a very important one. :) In the simplest case you get one python
> interpreter per apache child process, thus avoiding the overhead of
> creating a new interpreter for each request.

It was the same child process (that much makes sense too me too), but
it also had the same address for modpython request object. Which I
thought is little weird since if request comes from address A it
should not be the same as if it comes from address B.
But the python id is just a memory address so it is possible that it
was just reusing the same memory space.

> >> At this point it sounds like it may be a Django issue if you are using it as
> >> it merely uses mod_python as a jumping off point and doesn't tightly
> >> integrate with mod_python and use its cookies or sessions and provides
> >> users with their own request object wrapper as far as I know.
> >
> > That was my first thought as well, and I reviewed our and django
> > session handling the best I could. I found nothing unusual. In fact we
> > have not touched the way django handles the sessions and cookies at
> > all. I tried the django users group nobody seems to have similar
> > problems, I even talked to one of the django's main devs he has no
> > clue either.
> >
> >> That said, as a start I would strongly recommend that you upgrade to
> >> mod_python 3.2.10 and see if your problems go away.
> >
> > I'll try that but I already tried upgrading from debian to gentoo and
> > from python2.3 to python2.4 and I had the same problem on both. I know
> > that would mean that it is something in our code ... but I haven't
> > changed anything ... oh the headache.
>
> Indeed.
>
> A little light just went off in my head. Is it always *exactly* the same
> session id being served up for *all* requests?

No 99% of the time all work works normally.
User A comes along gets his own cookie user B comes along gets her own
cookie ... and then in one moment user A gets the cookie that belongs
to user B. While B user still gets her own cookie. Then user A notices
that suddenly his username changed from Joe to Suzy and starts sending
rather angry emails, which I cannot really blame him for.
The problem seems to appear more often if the site is under heavier load.

> There was a similar thread awhile ago where somebody was getting messed
> up md5sums and bad session id's with Django. IIRC it was some sort of
> library conflict between md5.so and libmhash.so. Take a look in the mail
> archives and see if you can find some help there:

I looked at it I don't have libmash and my keys look like this
03d7f9b948174de277941ecf67feb7ee
which seems normal to me.
I went over the django code and I see that they make sure to
1. randomize the cookie key
2. check if such key exists in db before they send it to user in a cookie.

> http://www.modpython.org/pipermail/mod_python/2006-June/021482.html
> http://www.modpython.org/pipermail/mod_python/2006-July/021544.html
>
> Jim
>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python
>


-- 
Jakub Labath

More information about the Mod_python mailing list