Ask him to save the source of the page and send it to you. My guess is that there is an image or other link in the page that is generated incorrectly and forces the browser to reload the same page in background thus resetting the form key.
This for example would cause the behavior: <img src="something" /> On Apr 27, 10:22 am, Ed Greenberg <[email protected]> wrote: > I have a user of my app that is unable to log in with his (Ubuntu) > Firefox browser. He can log in with Chrome, and others can log in with > various flavors of Firefox. He's cleared his caches, cleared his > cookies, and done all sorts of similar browser cleansing things. > > I found that his session._formkey[login] does not match his submitted > _formkey. I've determined that form.accepts is returning false, and > doing so at the test of the two _formkey variables. > > I put a few lines of syslog into db.py and gluon/tools.py and logged > this: > > Apr 27 09:46:35 cloud1 apache2: db.py:328:session: <Storage {'auth': > None}> > Apr 27 09:46:35 cloud1 apache2: db.py:329:auth: None > Apr 27 09:46:35 cloud1 apache2: gluon/tools.py:1441:before form > accepted. form.vars: <Storage {}> > Apr 27 09:46:36 cloud1 apache2: db.py:328:session: <Storage {'auth': > None, '_formkey[login]': '7fc06654-b766-4427-becf-212a27094483', > '_secure': True}> > Apr 27 09:46:36 cloud1 apache2: db.py:329:auth: None > Apr 27 09:46:36 cloud1 apache2: gluon/tools.py:1441:before form > accepted. form.vars: <Storage {}> > > Now, he types in a valid userid and password, and submits. > ---Above shows the _formkey in the session 7fc0... Below, on the > submit, the session now has formkey ad22... Yet the request.vars > still has 7fc0... > > Apr 27 09:48:52 cloud1 apache2: db.py:328:session: <Storage > {'_formkey[login]': 'ad2250fa-b3f6-4c23-8672-6b89b38e079f', 'auth': > None, '_secure': True}> > Apr 27 09:48:52 cloud1 apache2: db.py:329:auth: None > Apr 27 09:48:52 cloud1 apache2: gluon/tools.py:1441:before form > accepted. form.vars: <Storage {'username': 'cust1', '_formkey': > '7fc06654-b766-4427-becf-212a27094483', 'password': '*****', > '_formname': 'login', '_next': '/InsuranceInventory/default/index'}> > > So on submit, something reset his session._formkey > > -- having had form.accepts() returned false, tools now returns a new > form, having installed a new formkey in both the session and the form > (as confirmed by the user). > > Apr 27 09:48:53 cloud1 apache2: db.py:328:session: <Storage {'auth': > None, '_formkey[login]': 'c1e58888-82fc-4748-b973-8306e246ffe6', > '_secure': True}> > Apr 27 09:48:53 cloud1 apache2: db.py:329:auth: None > Apr 27 09:48:53 cloud1 apache2: gluon/tools.py:1441:before form > accepted. form.vars: <Storage {}> > > -- but when the form submits, the session._formkey[login] has changed > again, while the user reports that it HASN'T changed in the browser. . > > Apr 27 09:49:32 cloud1 apache2: db.py:328:session: <Storage > {'_formkey[login]': 'f83c9ea3-a94b-4748-81f5-5fccf4b353fa', 'auth': > None, '_secure': True}> > Apr 27 09:49:32 cloud1 apache2: db.py:329:auth: NonApr 27 09:49:32 > cloud1 apache2: gluon/tools.py:1441:before form accepted. form.vars: > <Storage {'username': 'cust1', '_formkey': 'c1e58888-82fc-4748- > b973-8306e246ffe6', 'password': '*****', '_formname': 'login', > '_next': '/InsuranceInventory/default/index'}> > > -- and here is a new formkey applied when the page reloads again. > > Apr 27 09:49:33 cloud1 apache2: db.py:328:session: <Storage {'auth': > None, '_formkey[login]': '70382e5c-08d6-4233-924c-90d646c425bd', > '_secure': True}> > Apr 27 09:49:33 cloud1 apache2: db.py:329:auth: None > Apr 27 09:49:33 cloud1 apache2: gluon/tools.py:1441:before form > accepted. form.vars: <Storage {}> > > I can't find anyplace where the session is being reset within my > code. > > Can anybody tell me how to enable this user/browser? Or where else to > look? > > Thanks, > > Ed G
