session creation issue

Question

session creation issue

pwnedDesal opened this issue 8 years ago · comments

Hi, Whenever i authenticate myself using my credentials in sleepy-puppy web interface, My browser is alway redirected back to http://sleepy-puppy-ip/login/ and sometimes i get 403 forbidden error. i seem the session is not created.

Patrick Kelley · Answer 1 · Fri Aug 05 2016 12:05:03 GMT+0800 (China Standard Time)

Interesting. I'm not sure why it would do that.

Have you tried creating a second user with the manage.py command?

https://github.com/Netflix/sleepy-puppy/blob/master/manage.py#L58

Adrian Belen · Answer 2 · Fri Aug 05 2016 12:58:19 GMT+0800 (China Standard Time)

problem solve thank you ! 💃

Adrian Belen · Answer 3 · Fri Aug 05 2016 16:10:52 GMT+0800 (China Standard Time)

The problem occurs again after a few hours and the proposed solution(creating new user) doesn't solve the problem anymore :( . I currently trying sleepy-puppy via c9.io

Patrick Kelley · Answer 4 · Sat Aug 06 2016 01:28:31 GMT+0800 (China Standard Time)

Hey @DeadStar1,

I'm wondering if c9.io is clearing the database after some period of time. I'd connect to the DB and look through the user table. Do that once when it's working, and once when it's broken. My hunch is that the DB is getting reset on you.

Adrian Belen · Answer 5 · Sat Aug 06 2016 08:06:36 GMT+0800 (China Standard Time)

I don't think so. When i create a user with a username, that already exists in the database, using manage.py. manage.py says user already exists! so c9.io does not clearing the database.

Sometimes the bug is triggered, sometimes not.

Scott Behrens · Answer 6 · Thu Aug 11 2016 02:43:24 GMT+0800 (China Standard Time)

A proxy log of the requests would be helpful, if you can please use Burpsuite and record your proxy history during the login issues/403 forbidden. If you can send me that log it should help with troubleshooting. Alternatively if you have information you need to redact, maybe take some screenshots of the Burp proxy log.

Adrian Belen · Answer 7 · Thu Aug 18 2016 22:38:09 GMT+0800 (China Standard Time)

HTTP Request

HTTP Response after an authentication

Console Log

Scott Behrens · Answer 8 · Thu Aug 18 2016 23:32:31 GMT+0800 (China Standard Time)

Do you have a TLS certificate configured and is the server listening on 443?

Adrian Belen · Answer 9 · Fri Aug 19 2016 08:37:57 GMT+0800 (China Standard Time)

I also installed sleepy-puppy in codeanywhere.com the same result was happened

Scott Behrens · Answer 10 · Fri Aug 19 2016 08:54:54 GMT+0800 (China Standard Time)

Looking back over your screenshots it looks like one of the POST requests results in a 400 HTTP error. Something may be in the logs, could you perform the same authentication flow and send me over your nginx error log as well as any errors in sleepypuppy.log (in the root of the folder).

Scott Behrens · Answer 11 · Fri Aug 19 2016 08:57:07 GMT+0800 (China Standard Time)

Also if you can provide the request/response screenshots for whatever call to /login is resulting in the 400 that would also be helpful!

Scott Behrens · Answer 12 · Wed Aug 24 2016 08:22:18 GMT+0800 (China Standard Time)

Hi @DeadStar1, just circling back on this. Are you still having the same problem?

Adrian Belen · Answer 13 · Wed Aug 24 2016 10:52:31 GMT+0800 (China Standard Time)

look like there is no issue anymore. thanks