Hi, I was running Flask on Apache2 with Mod_WSGI 3.3, and I ran into a strange issue that user sessions were randomly swapped, i.e. I suddenly found myself logged in as a different user. This problem doesn't exist when I was running the Flask dev server. I found a similar question asked in March, 2010 by Ron DuPlain at http://flask.pocoo.org/mailinglist/archive/2012/3/9/session-swapping-running-flask-in-apache/#9d7db229c98c40360f4bcee028ae2681 However, the thread doesn't say how the problem is solved, if at all. Has anyone else ran into this? What did you do to fix it? Thanks for your help! Tao
Are you using Flask-Login extension? I am using it and wondering if this is related to Flask-Login. Btw another thread about this weird problem is this: http://flask.pocoo.org/mailinglist/archive/2012/8/12/weird-user-cookie-switching-problem/ 2012/9/7 Dong Tao <tao.dong@outlook.com> > Hi, > > I was running Flask on Apache2 with Mod_WSGI 3.3, and I ran into a strange > issue that user sessions were randomly swapped, i.e. I suddenly found > myself logged in as a different user. This problem doesn't exist when I was > running the Flask dev server. > > I found a similar question asked in March, 2010 by Ron DuPlain at > http://flask.pocoo.org/mailinglist/archive/2012/3/9/session-swapping-running-flask-in-apache/#9d7db229c98c40360f4bcee028ae2681However, the thread doesn't say how the problem is solved, if at all. Has > anyone else ran into this? What did you do to fix it? > > Thanks for your help! > > Tao > > > -- Blog'umu okudunuz mu? http://www.ulutas.gen.tr The box said "Requires Windows 95, NT, or better", so I installed Linux.
No, I'm not using any extension to manage sessions and login-process, just the built-in session object. Since this never happend in the dev environment for me, I feel this has something to do with the interactions between mod_wsig and the built-in session management in Flask. Very frustrating. Date: Fri, 7 Sep 2012 22:02:46 +0300 From: 1151986@gmail.com Subject: Re: [flask] Session swapping issue on Apache To: flask@librelist.com Are you using Flask-Login extension? I am using it and wondering if this is related to Flask-Login. Btw another thread about this weird problem is this: http://flask.pocoo.org/mailinglist/archive/2012/8/12/weird-user-cookie-switching-problem/ 2012/9/7 Dong Tao <tao.dong@outlook.com> Hi, I was running Flask on Apache2 with Mod_WSGI 3.3, and I ran into a strange issue that user sessions were randomly swapped, i.e. I suddenly found myself logged in as a different user. This problem doesn't exist when I was running the Flask dev server. I found a similar question asked in March, 2010 by Ron DuPlain at http://flask.pocoo.org/mailinglist/archive/2012/3/9/session-swapping-running-flask-in-apache/#9d7db229c98c40360f4bcee028ae2681 However, the thread doesn't say how the problem is solved, if at all. Has anyone else ran into this? What did you do to fix it? Thanks for your help! Tao -- Blog'umu okudunuz mu? http://www.ulutas.gen.tr The box said "Requires Windows 95, NT, or better", so I installed Linux.
I think it is not related to mod_wsgi, you can eliminate that part. Apache or Nginx, Gunicorn or mod_wsgi - both sets can have this issue. Consider Flask-Login and not using it, I have a hunch that it is related to Flask pickle'ing the session into cookies. Lucky that you are not using Flask-Login (which needs a little update before using this) - try using this snippet http://flask.pocoo.org/snippets/51/ - I guess you can't reproduce the issue but test it for a while and tell us if you encountered the same again. This is all I can suggest, so good luck. 2012/9/7 Dong Tao <tao.dong@outlook.com> > No, I'm not using any extension to manage sessions and login-process, just > the built-in session object. Since this never happend in the dev > environment for me, I feel this has something to do with the interactions > between mod_wsig and the built-in session management in Flask. > Very frustrating. > > ------------------------------ > Date: Fri, 7 Sep 2012 22:02:46 +0300 > From: 1151986@gmail.com > Subject: Re: [flask] Session swapping issue on Apache > To: flask@librelist.com > > > Are you using Flask-Login extension? I am using it and wondering if this > is related to Flask-Login. > > Btw another thread about this weird problem is this: > http://flask.pocoo.org/mailinglist/archive/2012/8/12/weird-user-cookie-switching-problem/ > > 2012/9/7 Dong Tao <tao.dong@outlook.com> > > Hi, > > I was running Flask on Apache2 with Mod_WSGI 3.3, and I ran into a strange > issue that user sessions were randomly swapped, i.e. I suddenly found > myself logged in as a different user. This problem doesn't exist when I was > running the Flask dev server. > > I found a similar question asked in March, 2010 by Ron DuPlain at > http://flask.pocoo.org/mailinglist/archive/2012/3/9/session-swapping-running-flask-in-apache/#9d7db229c98c40360f4bcee028ae2681However, the thread doesn't say how the problem is solved, if at all. Has > anyone else ran into this? What did you do to fix it? > > Thanks for your help! > > Tao > > > > > > > -- > > Blog'umu okudunuz mu? http://www.ulutas.gen.tr > > The box said "Requires Windows 95, NT, or better", so I installed Linux. > -- Blog'umu okudunuz mu? http://www.ulutas.gen.tr The box said "Requires Windows 95, NT, or better", so I installed Linux.
Will try. Thanks! Date: Fri, 7 Sep 2012 22:47:03 +0300 From: 1151986@gmail.com Subject: Re: [flask] Session swapping issue on Apache To: flask@librelist.com I think it is not related to mod_wsgi, you can eliminate that part. Apache or Nginx, Gunicorn or mod_wsgi - both sets can have this issue. Consider Flask-Login and not using it, I have a hunch that it is related to Flask pickle'ing the session into cookies. Lucky that you are not using Flask-Login (which needs a little update before using this) - try using this snippet http://flask.pocoo.org/snippets/51/ - I guess you can't reproduce the issue but test it for a while and tell us if you encountered the same again. This is all I can suggest, so good luck. 2012/9/7 Dong Tao <tao.dong@outlook.com> No, I'm not using any extension to manage sessions and login-process, just the built-in session object. Since this never happend in the dev environment for me, I feel this has something to do with the interactions between mod_wsig and the built-in session management in Flask. Very frustrating. Date: Fri, 7 Sep 2012 22:02:46 +0300 From: 1151986@gmail.com Subject: Re: [flask] Session swapping issue on Apache To: flask@librelist.com Are you using Flask-Login extension? I am using it and wondering if this is related to Flask-Login. Btw another thread about this weird problem is this: http://flask.pocoo.org/mailinglist/archive/2012/8/12/weird-user-cookie-switching-problem/ 2012/9/7 Dong Tao <tao.dong@outlook.com> Hi, I was running Flask on Apache2 with Mod_WSGI 3.3, and I ran into a strange issue that user sessions were randomly swapped, i.e. I suddenly found myself logged in as a different user. This problem doesn't exist when I was running the Flask dev server. I found a similar question asked in March, 2010 by Ron DuPlain at http://flask.pocoo.org/mailinglist/archive/2012/3/9/session-swapping-running-flask-in-apache/#9d7db229c98c40360f4bcee028ae2681 However, the thread doesn't say how the problem is solved, if at all. Has anyone else ran into this? What did you do to fix it? Thanks for your help! Tao -- Blog'umu okudunuz mu? http://www.ulutas.gen.tr The box said "Requires Windows 95, NT, or better", so I installed Linux. -- Blog'umu okudunuz mu? http://www.ulutas.gen.tr The box said "Requires Windows 95, NT, or better", so I installed Linux.
As you have seen, you are not the first person to find this issue. I'm of the opinion that session data should not be stored client side. I know that not everyone agrees with this, but it would be interesting to see if its repeatable using something like redis sessions. On Fri, Sep 7, 2012 at 8:59 PM, Dong Tao <tao.dong@outlook.com> wrote: > Will try. Thanks! > > ------------------------------ > Date: Fri, 7 Sep 2012 22:47:03 +0300 > > From: 1151986@gmail.com > Subject: Re: [flask] Session swapping issue on Apache > To: flask@librelist.com > > I think it is not related to mod_wsgi, you can eliminate that part. Apache > or Nginx, Gunicorn or mod_wsgi - both sets can have this issue. Consider > Flask-Login and not using it, I have a hunch that it is related to Flask > pickle'ing the session into cookies. > > Lucky that you are not using Flask-Login (which needs a little update > before using this) - try using this snippet > http://flask.pocoo.org/snippets/51/ - I guess you can't reproduce the > issue but test it for a while and tell us if you encountered the same > again. > > This is all I can suggest, so good luck. > > 2012/9/7 Dong Tao <tao.dong@outlook.com> > > No, I'm not using any extension to manage sessions and login-process, just > the built-in session object. Since this never happend in the dev > environment for me, I feel this has something to do with the interactions > between mod_wsig and the built-in session management in Flask. > Very frustrating. > > ------------------------------ > Date: Fri, 7 Sep 2012 22:02:46 +0300 > From: 1151986@gmail.com > Subject: Re: [flask] Session swapping issue on Apache > To: flask@librelist.com > > > Are you using Flask-Login extension? I am using it and wondering if this > is related to Flask-Login. > > Btw another thread about this weird problem is this: > http://flask.pocoo.org/mailinglist/archive/2012/8/12/weird-user-cookie-switching-problem/ > > 2012/9/7 Dong Tao <tao.dong@outlook.com> > > Hi, > > I was running Flask on Apache2 with Mod_WSGI 3.3, and I ran into a strange > issue that user sessions were randomly swapped, i.e. I suddenly found > myself logged in as a different user. This problem doesn't exist when I was > running the Flask dev server. > > I found a similar question asked in March, 2010 by Ron DuPlain at > http://flask.pocoo.org/mailinglist/archive/2012/3/9/session-swapping-running-flask-in-apache/#9d7db229c98c40360f4bcee028ae2681However, the thread doesn't say how the problem is solved, if at all. Has > anyone else ran into this? What did you do to fix it? > > Thanks for your help! > > Tao > > > > > > > -- > > Blog'umu okudunuz mu? http://www.ulutas.gen.tr > > The box said "Requires Windows 95, NT, or better", so I installed Linux. > > > > > -- > > Blog'umu okudunuz mu? http://www.ulutas.gen.tr > > The box said "Requires Windows 95, NT, or better", so I installed Linux. >
Perhaps using the better client-side sessions will fix it? http://flask.pocoo.org/snippets/51/ Cheers, Lars
This problem appears to be gone, since I switched to the better client-side sessions described in the snippet. Thanks, Tao > Date: Sun, 16 Sep 2012 16:27:52 +0800 > From: romabysen@gmail.com > Subject: Re: [flask] Session swapping issue on Apache > To: flask@librelist.com > > Perhaps using the better client-side sessions will fix it? > http://flask.pocoo.org/snippets/51/ > > Cheers, > Lars