Login/Logout API endpoints not sending/clearing django sessionid cookie #442
Comments
I have verified that in both the login/logout cases, no changes are made to the |
I also checked the create account functionality, and I am able to create user accounts. Hitting the |
After further setting of breakpoints and debugging, it looks like |
Perhaps using the wrong authentication backend? Here is my
|
After deleting all existing user sessions from the |
OK, I've identified the problem - as I suspected, the The cookie does get set when logging in via the admin console, (verified with chrome dev tools), but not the However, when performing a |
The login problem was one on my frontend - I was not including credentials with the API client I was using. After including them, the login endpoint now works. However, I'm still getting a 403 error when I hit the logout endpoint, and I am not sure why. It's especially weird because there is no 403 error defined in the
|
Sure enough, the |
I've tracked this down to a CSRF token missing error by creating a piece of middleware that logs the content of django responses in the runserver console. Not a |
EDITED
TLDR: Part of the problem was that I was not including credentials on my frontend, and this got the login method working. However, I am still unable to get the logout function to work
I have followed the installation instructions, and am trying to use dj-rest-auth with a react SPA. It appears to be partly working, as when I log in via the django admin console, and I make a GET request to /api/account/user/ (my user endpoint for dj-rest-auth), I get back the user info which corresponds to my user. This makes me think nothing is wrong with at least the basic configuration of dj-rest-auth. When I log out from the admin console and hit the same endpoint, I get a 403 response with a JSON response that tells me no user is logged in. Great.
However, the login/logout endpoints don't appear to be working. When I log in via the django admin console, and then I hit the logout endpoint with my SPA, it does not log me out. The django server tells me the request was good:
But I am still logged in to the console, and no change was made to the Session model database.
Similarly, when I hit the login endpoint with a POST request, using exactly the same username/password as I use in the admin console, it does not log me in. However, the login request gives me back a 200 response:
which seems odd.
dj-rest-auth seems to think that it's working, but for some reason it doesn't appear to be attaching / detaching users from sessions. Any ideas as to why this might be, or how to debug it further?
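The two findings in this thread (the API client was not including credentials, and the logout 403 was a missing CSRF token) both come down to how the browser client builds its requests. The following is an added example, not code from the issue or from dj-rest-auth; it assumes Django's default `csrftoken` cookie and `X-CSRFToken` header names, and the logout path in the final comment is hypothetical.

```javascript
// Added example. Assumes Django's default CSRF cookie/header names.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Pull one cookie value out of a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Build fetch() options for a session-authenticated call to the Django API.
function buildInit(method, cookieString, body) {
  const verb = method.toUpperCase();
  const headers = { Accept: "application/json" };
  if (body !== undefined) headers["Content-Type"] = "application/json";
  // Django only checks CSRF on unsafe methods; echo the cookie value back
  // in the header when the cookie exists (it may not before first login).
  const token = readCookie(cookieString, "csrftoken");
  if (!SAFE_METHODS.has(verb) && token !== null) headers["X-CSRFToken"] = token;
  return {
    method: verb,
    // Without this, cross-origin requests neither send nor store the session cookie.
    credentials: "include",
    headers,
    body: body === undefined ? undefined : JSON.stringify(body),
  };
}

// Surface the 403 body (where the thread found the CSRF message) instead of hiding it.
async function apiCall(path, method, body) {
  const res = await fetch(path, buildInit(method, document.cookie, body));
  if (res.status === 403) throw new Error(`403 from ${path}: ${await res.text()}`);
  return res.status === 204 ? null : res.json();
}

// Constructed sample cookie string (sessionid is HttpOnly, so it never appears here).
const SAMPLE_COOKIES = "theme=dark; csrftoken=abc123XYZ";
// Usage in the SPA (hypothetical logout path): apiCall("/api/account/logout/", "POST", {})
```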