I figured out the issue. The django_sessions database *does* get updated with entries when a login is successfully attempted. I'm not entirely sure why I initially observed that it wasn't. I may have been checking the wrong database. This is not an issue with django. I have tracked down the underlying issue to be that the cookies and CSRF tokens were not being transmitted on request/responses - this was an issue in my frontend. Now (almost) fixed.
On Sat, Oct 22, 2022 at 11:05 AM Jordan <[email protected]> wrote: > So I have some rather bizarre behavior on my hands - I am trying to use > session authentication to login a user. I am able to login/logout through > the django admin console just fine. However, when I explicitly call > django.contrib.auth.login(), nothing happens. No errors are thrown, the > login method executes to completion, but I am not logged in. I can tell > because (1) When re-loading the user admin console it asks me to > authenticate and (2) no changes are made to the Session object database. It > looks exactly the same before the login call as after the login call. > > The same is true of logging out - neither method appears to be > attaching/detaching users to sessions. I have replicated this behavior with > non-superusers. No errors are ever thrown, but no sessions are ever added > or deleted. This is utterly bizarre to me - and I don't know what to do. > Any suggestions for debugging would be immensely helpful - obviously > authentication is a critical part of our application, and I can't move on > until I fix this. > > I have uploaded my settings.py in a repo below. Some notes on my > configuration - I am using the email field as my username, and am using > dj-rest-auth <https://dj-rest-auth.readthedocs.io/en/latest/index.html> > for authentication. There seems to be nothing wrong with dj-rest-auth: when > I pass in a valid email/password combination, it successfully calls > django's authenticate() method, which creates a valid user object, and then > passes it to django.contrib.auth.login() along with the request. No > exceptions are thrown inside the login() function - which I verified by > stepping through it line-by-line with breakpoints. I am using the default > runserver command as my django server. > > Where is the actual code in the login() function that makes changes to the > database? The only thing I can think of is that somehow the > user_logged_in.send() signal is responsible, but this doesn't appear to be > directly attached to any code I can find that could plausibly make database > modifications. > > https://github.com/edmundsj/django_auth_debug > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/1a73c0d9-da20-4d7e-8d65-50c279ccd5f2n%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/1a73c0d9-da20-4d7e-8d65-50c279ccd5f2n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAJkO6Yz%2BhSVo%2B0TH74AW%3DdyQhpPfBsoYW4Gxcv8cKf%3DEZmEqrA%40mail.gmail.com.
