Why does Django not generate CSRF or Session Cookies behind a Varnish Proxy?

2024/9/30 11:31:38

Running Django 1.2.5 on a Linux server with Apache2 and for some reason Django seems like it cannot store CSRF or Session cookies. Therefore when I try to login to the Django admin it gives me a CSRF verification error upon submitting the login form. Has anyone come up against this and found a solution?

I AM able to make a valid post when i try this at the url of my VPS that was provided by my host. Example: vps123.hostdomain.com/admin/ and for that domain the cookies DO get set. However, when I go to www.sitedomain.com/admin/ and try to login I get a CSRF 403 error saying the cookie is not there and when I check in my browsers cookies they are not set.

I have tried setting the following in my settings file:

SESSION_COOKIE_DOMAIN = 'www.sitedomain.com'
CSRF_COOKIE_DOMAIN = 'www.sitedomain.com'

Also tried:

SESSION_COOKIE_DOMAIN = 'vps123.hostdomain.com'
CSRF_COOKIE_DOMAIN = 'vps123.hostdomain.com'

I have 'django.middleware.csrf.CsrfViewMiddleware' added to my MIDDLEWARE_CLASSES in settings.py and there is a CSRF token in the form and it shows up in the POST.

I have cookies enabled. I have tried this on multiple browsers and machines.

There is a varnish proxy server sitting in front of www.sitedomain.com that I think may be part of the problem. Anyone with experience using proxy servers and Django may be able to shed some light on that.

My apache2 config:

NameVirtualHost *:80<VirtualHost *:80>ServerName www.sitedomain.comServerAlias www.sitedomain.com<Location "/">Options FollowSymLinksSetHandler python-programPythonInterpreter nzsitePythonHandler django.core.handlers.modpythonPythonDebug OnPythonPath "['/var/www/django_projects', '/var/www', '/usr/lib/python2.6/dist-packages'] + sys.path"SetEnv DJANGO_SETTINGS_MODULE project_one.settings</Location><location "/phpmyadmin">SetHandler None</location>
</VirtualHost><VirtualHost *:80>ServerName othersite.sitedomain.comServerAlias othersite.sitedomain.com<Location "/">Options FollowSymLinksSetHandler python-programPythonInterpreter ausitePythonHandler django.core.handlers.modpythonPythonDebug OnPythonPath "['/var/www/django_projects', '/var/www', '/usr/lib/python2.6/dist-packages'] + sys.path"SetEnv DJANGO_SETTINGS_MODULE project_two.settings</Location><location "/phpmyadmin">SetHandler None</location>
</VirtualHost>
Answer

The problem was that I have a Varnish Proxy server in front of my site. Varnish was taking requests and stripping cookies from them. To fix this I had to have the company that is managing the Varnish Server add '/admin' to a list of exceptions so that cookies could be passed. Sorry I can't shed more light on how the Varnish process works.

https://en.xdnf.cn/q/71090.html

Related Q&A

Shared state with aiohttp web server

My aiohttp webserver uses a global variable that changes over time:from aiohttp import web shared_item = blaasync def handle(request):if items[test] == val:shared_item = doedaprint(shared_item)app =…
READ MORE...

ModuleNotFoundError: No module named matplotlib.pyplot

When making a plot, I used both Jupyter Notebook and Pycharm with the same set of code and packages. The code is: import pandas as pd import numpy as np import matplotlib.pyplot as plt # as in Pycha…
READ MORE...

python linux - display image with filename as viewer window title

when I display an image with PIL Image it opens an imagemagick window but the title is some gibberish name like tmpWbfj48Bfjf. How do I make the image filename to be the title of the viewer window?
READ MORE...

Request body serialization differences when lambda function invoked via API Gateway v Lambda Console

I have a simple API set up in AWS API Gateway. It is set to invoke a Python 2.7 lambda function via API Gateway Proxy integration.I hit a strange error in that the lambda worked (processed the body co…
READ MORE...

Determining a homogeneous affine transformation matrix from six points in 3D using Python

I am given the locations of three points:p1 = [1.0, 1.0, 1.0] p2 = [1.0, 2.0, 1.0] p3 = [1.0, 1.0, 2.0]and their transformed counterparts:p1_prime = [2.414213562373094, 5.732050807568877, 0.7320508075…
READ MORE...

Split datetime64 column into a date and time column in pandas dataframe

If I have a dataframe with the first column being a datetime64 column. How do I split this column into 2 new columns, a date column and a time column. Here is my data and code so far:DateTime,Actual,Co…
READ MORE...

Django - Setting date as date input value

Im trying to set a date as the value of a date input in a form. But, as your may have guessed, its not working.Heres what I have in my template:<div class="form-group"><label for=&qu…
READ MORE...

ReduceLROnPlateau gives error with ADAM optimizer

Is it because adam optimizer changes the learning rate by itself. I get an error saying Attempting to use uninitialized value Adam_1/lr I guess there is no point in using ReduceLRonPlateau as Adam wil…
READ MORE...

How to make add replies to comments in Django?

Im making my own blog with Django and I already made a Comments system.. I want to add the replies for each comment (like a normal comments box) and I dont know what to do this is my current models.py …
READ MORE...

Which Regular Expression flavour is used in Python?

I want to know which RegEx-flavour is used for Python? Is it PCRE, Perl compatible or is it ICU or something else?
READ MORE...
Latest Q&A

Copyright @ 2022~2023