简体繁体 English

Django、mod_python、apache 和古怪的会话

[英]Django, mod_python, apache and wacky sessions

原文 2008-10-03 11:10:04 5 5 python/ django/ apache/ session/ mod-python

I am running a Django through mod_python on Apache on a linux box.我正在 Linux 机器上通过 Apache 上的 mod_python 运行 Django。 I have a custom authentication backend, and middleware that requires authentication for all pages, except static content.我有一个自定义身份验证后端，以及需要对所有页面（静态内容除外）进行身份验证的中间件。

My problem is that after I log in, I will still randomly get the log in screen now and again.我的问题是，在我登录后，我仍然会时不时地随机获取登录屏幕。 It seems to me that each apache process has it's own python process, which in turn has it's own internals.在我看来，每个 apache 进程都有自己的 python 进程，而python进程又具有自己的内部结构。 So as long as I get served by the same process I logged in to, everything is fine and dandy.因此，只要我得到与登录相同的进程的服务，一切都很好。 But if my request gets served by a different apache process, I am no longer authenticated.但是，如果我的请求由不同的 apache 进程提供服务，我将不再经过身份验证。

I have checked the HTTP headers I send with FireBug, and they are the same each time, ie.我检查了我用 FireBug 发送的 HTTP 标头，它们每次都是相同的，即。 same cookie.同样的饼干。

Is this a known issue and are there workarounds/fixes?这是一个已知问题吗？是否有解决方法/修复？

Edit: I have a page that displays a lot of generated images.编辑：我有一个页面显示了很多生成的图像。 Some off these will not display.一些关闭这些将不会显示。 This is because they are too behind the authenticating middleware, so they will randomly put up a login image.这是因为他们太落后于认证中间件，所以他们会随机放一个登录图像。 However, refreshing this page enough times, and it will eventually work, meaning all processes recognize my session.但是，刷新此页面足够多次，它最终会起作用，这意味着所有进程都能识别我的会话。

5 个解决方案

You are correct about how Apache handles the processes, and sometimes you'll get served by a different process.您对 Apache 如何处理进程的看法是正确的，有时您会得到不同的进程的服务。 You can see this when you make a change to your site;当您对网站进行更改时，您可以看到这一点； new processes will pick up the change, but old processes will give you the old site.新流程将接受更改，但旧流程将为您提供旧站点。 To get consistency, you have to restart Apache.要获得一致性，您必须重新启动 Apache。

Assuming a restart doesn't fix the problem, I would guess it's something in the "custom authentication backend" storing part of the authentication in memory (which won't work very well for a web server).假设重新启动不能解决问题，我猜它是“自定义身份验证后端”中的某些内容，将部分身份验证存储在内存中（这对于 Web 服务器来说效果不佳）。 I would try setting MaxRequestsPerChild to 1 in your Apache config and seeing if you still get the login screen.我会尝试在您的 Apache 配置中将MaxRequestsPerChild设置为 1 并查看您是否仍然看到登录屏幕。 If you do, something is being stored in memory, maybe a model not being saved?如果这样做，则内存中正在存储某些内容，也许模型未保存？

Hope that helps!希望有帮助！

PS Just out of curiosity, why are you using a custom authentication backend and a middleware to ensure the user is logged in? PS 出于好奇，您为什么要使用自定义身份验证后端和中间件来确保用户登录？ It seems Django's contrib.auth and @login_required would be easier...似乎 Django 的 contrib.auth 和 @login_required 会更容易...

How to ensure that session is not cleared after Apache restart( or stop and start) ?如何确保在 Apache 重启（或停止和启动）后不会清除会话？

Because when I upgrade my source code and restart Apache, I refresh the web page and there I have to login again.因为当我升级我的源代码并重新启动 Apache 时，我刷新了网页，然后我必须再次登录。 Session is lost.会话丢失。

Session is stored in Memcache. Session 存储在 Memcache 中。 No idea how and why its cleared.不知道它是如何以及为什么被清除的。 How to preserve the session so that the user need not login after the apache restart?如何保留会话以便用户在apache重启后无需登录？

Do you have standard database-driven sessions?你有标准的数据库驱动的会话吗？ Is caching enabled in settings?设置中是否启用了缓存？

I highly recommend you don't set MaxRequestsPerChild to 1, as that would cause so much overhead as each process gets killed off and respawns with every request.我强烈建议您不要将 MaxRequestsPerChild 设置为 1，因为这会导致大量开销，因为每个进程都会被终止并随着每个请求重新生成。

Are you using apaches preform MPM or worker MPM?您使用的是 apaches 预制 MPM 还是工作 MPM？

Take a look at http://docs.djangoproject.com/en/dev/howto/deployment/modpython/?from=olddocs that may give you some help看看http://docs.djangoproject.com/en/dev/howto/deployment/modpython/?from=olddocs可能会给你一些帮助

If you are using some global variables to hold data of your custom authentication session, you need to change this to use either file, database or memcached.如果您使用一些全局变量来保存自定义身份验证会话的数据，则需要将其更改为使用文件、数据库或 memcached。 As stated above mod_python launches few processes and there's no shared memory between them.如上所述，mod_python 启动了几个进程，并且它们之间没有共享内存。

I recommend using memcached for this, also use cookies to store session ID or pass it with as GET parameter so that later you can easily extract session data from the cache.我建议为此使用 memcached，也使用 cookie 来存储会话 ID 或将其作为 GET 参数传递，以便稍后您可以轻松地从缓存中提取会话数据。