django provide same session everywhere
I'm working on a django app which use an external base to authenticate user. After login, some informations are retrieved to the session. The issue is that this initialized session is the same with the same session_id whatever the browser or the desktop I use without re-authenticate...
def login(request): if request.method == 'POST': login = request.POST["login"] password = request.POST["password"] #do something to authenticate by requesting an url request.session['infos'] = #infos string recieved return HttpResponseRedirect(reverse('WebSite:index'))
MIDDLEWARE_CLASSES contains django.contrib.sessions.middleware.SessionMiddleware
SESSION_ENGINE = "django.contrib.sessions.backends.db"
INSTALLED_APPS contains django.contrib.sessions
An other effect of this is that after being authenticated somewhere, I get a CSRF failure when I try elsewhere...
Thanks for helping me!
The answer was in the cache:
The cache made django provide the same cookie at every request with the same session_id. So I deactivacted it until I set the cache with better settings.