I have a user of my app that is unable to log in with his (Ubuntu)
Firefox browser. He can log in with Chrome, and others can log in with
various flavors of Firefox. He's cleared his caches, cleared his
cookies, and done all sorts of similar browser cleansing things.
I found that his session._formkey[login] does not match his submitted
_formkey. I've determined that form.accepts is returning false, and
doing so at the test of the two _formkey variables.
I put a few lines of syslog into db.py and gluon/tools.py and logged
this:
Apr 27 09:46:35 cloud1 apache2: db.py:328:session: <Storage {'auth':
None}>
Apr 27 09:46:35 cloud1 apache2: db.py:329:auth: None
Apr 27 09:46:35 cloud1 apache2: gluon/tools.py:1441:before form
accepted. form.vars: <Storage {}>
Apr 27 09:46:36 cloud1 apache2: db.py:328:session: <Storage {'auth':
None, '_formkey[login]': '7fc06654-b766-4427-becf-212a27094483',
'_secure': True}>
Apr 27 09:46:36 cloud1 apache2: db.py:329:auth: None
Apr 27 09:46:36 cloud1 apache2: gluon/tools.py:1441:before form
accepted. form.vars: <Storage {}>
Now, he types in a valid userid and password, and submits.
---Above shows the _formkey in the session 7fc0... Below, on the
submit, the session now has formkey ad22... Yet the request.vars
still has 7fc0...
Apr 27 09:48:52 cloud1 apache2: db.py:328:session: <Storage
{'_formkey[login]': 'ad2250fa-b3f6-4c23-8672-6b89b38e079f', 'auth':
None, '_secure': True}>
Apr 27 09:48:52 cloud1 apache2: db.py:329:auth: None
Apr 27 09:48:52 cloud1 apache2: gluon/tools.py:1441:before form
accepted. form.vars: <Storage {'username': 'cust1', '_formkey':
'7fc06654-b766-4427-becf-212a27094483', 'password': '*****',
'_formname': 'login', '_next': '/InsuranceInventory/default/index'}>
So on submit, something reset his session._formkey
-- having had form.accepts() returned false, tools now returns a new
form, having installed a new formkey in both the session and the form
(as confirmed by the user).
Apr 27 09:48:53 cloud1 apache2: db.py:328:session: <Storage {'auth':
None, '_formkey[login]': 'c1e58888-82fc-4748-b973-8306e246ffe6',
'_secure': True}>
Apr 27 09:48:53 cloud1 apache2: db.py:329:auth: None
Apr 27 09:48:53 cloud1 apache2: gluon/tools.py:1441:before form
accepted. form.vars: <Storage {}>
-- but when the form submits, the session._formkey[login] has changed
again, while the user reports that it HASN'T changed in the browser. .
Apr 27 09:49:32 cloud1 apache2: db.py:328:session: <Storage
{'_formkey[login]': 'f83c9ea3-a94b-4748-81f5-5fccf4b353fa', 'auth':
None, '_secure': True}>
Apr 27 09:49:32 cloud1 apache2: db.py:329:auth: NonApr 27 09:49:32
cloud1 apache2: gluon/tools.py:1441:before form accepted. form.vars:
<Storage {'username': 'cust1', '_formkey': 'c1e58888-82fc-4748-
b973-8306e246ffe6', 'password': '*****', '_formname': 'login',
'_next': '/InsuranceInventory/default/index'}>
-- and here is a new formkey applied when the page reloads again.
Apr 27 09:49:33 cloud1 apache2: db.py:328:session: <Storage {'auth':
None, '_formkey[login]': '70382e5c-08d6-4233-924c-90d646c425bd',
'_secure': True}>
Apr 27 09:49:33 cloud1 apache2: db.py:329:auth: None
Apr 27 09:49:33 cloud1 apache2: gluon/tools.py:1441:before form
accepted. form.vars: <Storage {}>
I can't find anyplace where the session is being reset within my
code.
Can anybody tell me how to enable this user/browser? Or where else to
look?
Thanks,
Ed G
