I figured out the issue. The django_sessions database *does* get updated with entries when a login is successfully attempted. I'm not entirely sure why I initially observed that it wasn't. I may have been checking the wrong database. This is not an issue with django. I have tracked down the underlying issue to be that the cookies and CSRF tokens were not being transmitted on request/responses - this was an issue in my frontend. Now (almost) fixed.
On Sat, Oct 22, 2022 at 11:05 AM Jordan <jor...@axlemobility.com> wrote: > So I have some rather bizarre behavior on my hands - I am trying to use > session authentication to login a user. I am able to login/logout through > the django admin console just fine. However, when I explicitly call > django.contrib.auth.login(), nothing happens. No errors are thrown, the > login method executes to completion, but I am not logged in. I can tell > because (1) When re-loading the user admin console it asks me to > authenticate and (2) no changes are made to the Session object database. It > looks exactly the same before the login call as after the login call. > > The same is true of logging out - neither method appears to be > attaching/detaching users to sessions. I have replicated this behavior with > non-superusers. No errors are ever thrown, but no sessions are ever added > or deleted. This is utterly bizarre to me - and I don't know what to do. > Any suggestions for debugging would be immensely helpful - obviously > authentication is a critical part of our application, and I can't move on > until I fix this. > > I have uploaded my settings.py in a repo below. Some notes on my > configuration - I am using the email field as my username, and am using > dj-rest-auth <https://dj-rest-auth.readthedocs.io/en/latest/index.html> > for authentication. There seems to be nothing wrong with dj-rest-auth: when > I pass in a valid email/password combination, it successfully calls > django's authenticate() method, which creates a valid user object, and then > passes it to django.contrib.auth.login() along with the request. No > exceptions are thrown inside the login() function - which I verified by > stepping through it line-by-line with breakpoints. I am using the default > runserver command as my django server. > > Where is the actual code in the login() function that makes changes to the > database? The only thing I can think of is that somehow the > user_logged_in.send() signal is responsible, but this doesn't appear to be > directly attached to any code I can find that could plausibly make database > modifications. > > https://github.com/edmundsj/django_auth_debug > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/1a73c0d9-da20-4d7e-8d65-50c279ccd5f2n%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/1a73c0d9-da20-4d7e-8d65-50c279ccd5f2n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAJkO6Yz%2BhSVo%2B0TH74AW%3DdyQhpPfBsoYW4Gxcv8cKf%3DEZmEqrA%40mail.gmail.com.
