Django (Python) problem with sessionid

Question

I am having a problem with sessionid: request.session.session_key Generates a key every page refresh / form submission.

While this: request.COOKIES[settings.SESSION_COOKIE_NAME] complains that 'sessionid' key is not found.

Am I missing something? I need a "key" that is persistent across page requests on my site. I need it to persist even when the browser is closed/3 weeks, etc. How would I do this is Django?

Do I need to configure something? If I am misunderstanding something regarding the sessionid and how it is generated, please correct me.

Thanks for your replies.

Regards, W

My settings.py is: http://pastebin.com/G9qnD9En

Answer 1

It sounds like your browser is not accepting the session cookies that Django is sending.

Your browser should be able to tell you what cookies are being set with a page response from your application. Check to see that a 'sessionid' cookie is actually being sent, and that the domain and path are correct.

If you have SESSION_COOKIE_DOMAIN or SESSION_COOKIE_PATH set incorrectly in your settings.py file, they may be causing Django to set cookies in the browser that are not being returned to the server.

If you want to verify your whole setup, start by reading this: http://docs.djangoproject.com/en/1.2/topics/http/sessions/

In a nutshell, you need to:

• have 'django.contrib.sessions' in your INSTALLED_APPS;
• have 'django.contrib.sessions.middleware.SessionMiddleware' in MIDDLEWARE_CLASSES; and
• on a production server, you may need to set SESSION_COOKIE_DOMAIN and SESSION_COOKIE_PATH to interact well with other web applications on the same domain or related domains.

Edit:

Having looked at your pasted settings, I can see that there are two different things going on, each of which is enough to stop the session cookies from working.

1. SESSION_COOKIE_DOMAIN is set to "mydomain.com"

   A cookie for a generic TLD requires that the "domain" part contain at least two period (".") separators in it. This stops people from setting cookies for domains like ".com". (Cookies for domains under country-level jurisdiction, I believe, require three periods.)

   Change this to ".mydomain.com" and it should be returned by the browser.

   In development (running on your local machine, at 127.0.0.1), leave this setting blank, or your browser won't accept the cookie at all.

2. SESSION_COOKIE_PATH is set to "/tmp"

   This looks like a mistake, unless your web application is hosted at "http://mydomain.com/tmp/"

   SESSION_COOKIE_PATH is used to indicate the "path" component of the cookie, i.e., the URL prefix under which the cookie will be returned to the server. This lets you host one application at "mydomain.com/firstapp/" and another at "mydomain.com/secondapp/", and you can be sure that the "sessionid" cookies will not be confused between them.

   If you only have one application hosted under this domain name, then leave it blank, and it will default to "/" (the entire domain)

   To control where Django stores session data on your filesystem (which is what it looks like you're trying to do), you can use the SESSION_FILE_PATH setting. By default, it is set to "/tmp/" anyway, so you shouldn't need to set it at all.

Answer 2

I had a similar problem, and I fixed it by setting SESSION_COOKIE_NAME to something other than the default 'sessionid'. I think google analytics might have been clobbering the cookie somehow.