python - Unable log in to the django admin page with a valid username and password

68
votes

I can’t log in to the django admin page. When I enter a valid username and password, it just brings up the login page again, with no error messages

This question is in the django FAQ, but I've gone over the answers there and still can't get past the initial login screen.

I'm using django 1.4 on ubuntu 12.04 with apache2 and modwsgi.

I've confirmed that I'm registering the admin in the admin.py file, made sure to syncdb after adding INSTALLED_APPS. When I enter the wrong password I DO get an error, so my admin user is being authenticated, just not proceeding to the admin page.

I've tried both setting SESSION_COOKIE_DOMAIN to the machine's IP and None. (Confirmed that the cookie domain shows as the machine's IP in chrome)

Also, checked that the user authenticates via the shell:

>>> from django.contrib.auth import authenticate
>>> u = authenticate(username="user", password="pass")
>>> u.is_staff
True
>>> u.is_superuser
True
>>> u.is_active 
True

Attempted login using IE8 and chrome canary, both results in the same return to the login screen.

Is there something else I'm missing????

settings.py

...
MIDDLEWARE_CLASSES = (
    'django.middleware.gzip.GZipMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.middleware.transaction.TransactionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
)
AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend',)
INSTALLED_APPS = (
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.admin',    
    'django.contrib.staticfiles',
    'django.contrib.gis',
    'myapp.main',
)

SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_SAVE_EVERY_REQUEST = True
SESSION_COOKIE_AGE = 86400 # sec
SESSION_COOKIE_DOMAIN = None
SESSION_COOKIE_NAME = 'DSESSIONID'
SESSION_COOKIE_SECURE = False

urls.py

from django.conf.urls.defaults import * #@UnusedWildImport
from django.contrib.staticfiles.urls import staticfiles_urlpatterns
from django.contrib import admin

admin.autodiscover()

urlpatterns = patterns('',
    (r'^bin/', include('myproject.main.urls')),    
    (r'^layer/r(?P<layer_id>\d+)/$', "myproject.layer.views.get_result_layer"),
    (r'^layer/b(?P<layer_id>\d+)/$', "myproject.layer.views.get_baseline_layer"),
    (r'^layer/c(?P<layer_id>\d+)/$', "myproject.layer.views.get_candidate_layer"),    
    (r'^layers/$', "myproject.layer.views.get_layer_definitions"),
    (r'^js/mapui.js$', "myproject.layer.views.view_mapjs"),
    (r'^tilestache/config/$', "myproject.layer.views.get_tilestache_cfg"),
    (r'^admin/', include(admin.site.urls)),  
    (r'^sites/', include("myproject.sites.urls")),  
    (r'^$', "myproject.layer.views.view_map"),
)


urlpatterns += staticfiles_urlpatterns()

Apache Version:

Apache/2.2.22 (Ubuntu) mod_wsgi/3.3 Python/2.7.3 configured

Apache apache2/sites-available/default:

<VirtualHost *:80>
        ServerAdmin ironman@localhost
        DocumentRoot /var/www/bin
        LogLevel warn
        WSGIDaemonProcess lbs processes=2 maximum-requests=500 threads=1
        WSGIProcessGroup lbs
        WSGIScriptAlias / /var/www/bin/apache/django.wsgi
        Alias /static /var/www/lbs/static/
</VirtualHost>
<VirtualHost *:8080>
        ServerAdmin ironman@localhost
        DocumentRoot /var/www/bin
        LogLevel warn
        WSGIDaemonProcess tilestache processes=2 maximum-requests=500 threads=1
        WSGIProcessGroup tilestache
        WSGIScriptAlias / /var/www/bin/tileserver/tilestache.wsgi
</VirtualHost>

UPDATE

The admin page does proceed when using the development server via runserver so it seems like a wsgi/apache issue. Still haven't figured it out yet.

SOLUTION

The problem was that I had the settings file SESSION_ENGINE value set to 'django.contrib.sessions.backends.cache' without having the CACHE_BACKEND properly configured.

I've changed the SESSION_ENGINE to 'django.contrib.sessions.backends.db' which resolved the issue.

20
pythondjangologinadminmod-wsgi
Have you tried moving django.middleware.csrf.CsrfViewMiddleware before django.contrib.auth.middleware.AuthenticationMiddleware ?Brandon
Does it work when you're running it from ./manage.py runserver (i.e. not over mod_wsgi)?supervacuo
Are you actually failing to authenticate? You could be 'logged in' but still looking at the login form.John Mee
@monkut could you try it without WSGI in the equation (see above)?supervacuo
Are you running this on your local machine or as a valid domain? If it's a domain, try setting the SESSION_COOKIE_DOMAIN setting to that instead of your computer's IP address. If it's on your local machine, try setting it to the loopback address of 127.0.0.1.Thomas

20 Answers

62
votes

Steps to debug:

  • Make sure that your Database is synced
    • Double check that you have a django_session table
  • Try to authenticate
    • Do you see a record being created in the django_session table?

IF NOT

  • remove non-standard settings
    • AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend',)
    • SESSION_EXPIRE_AT_BROWSER_CLOSE = True
    • SESSION_SAVE_EVERY_REQUEST = True
    • SESSION_COOKIE_AGE = 86400 # sec
    • SESSION_COOKIE_DOMAIN = None
    • SESSION_COOKIE_NAME = 'DSESSIONID'
    • SESSION_COOKIE_SECURE = False
  • Make sure that your Database is synced
    • Double check that you have a django_session table
  • Try to authenticate
    • Do you see a record being created in the django_session table?

Let me know if this turns up any useful debug.

Sample settings file: https://github.com/fyaconiello/Django-Blank-Bare-Bones-CMS/blob/master/dbbbcms/settings.py

19
votes
>>> from django.contrib.auth import authenticate
>>> u = authenticate(username="user", password="pass")
>>> u.is_staff = True
>>> u.is_superuser = True

Is there something else I'm missing?

u.is_active should be True

12
votes

I had this problem. The issue is that in production I set two variables to True that allowed me to connect to the site using https.

SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE should be set to False if you are developing on localhost http. Changing these two variables to False allowed me to sign into the admin site when developing locally.

3
votes

I don't believe the admin password is stored in the settings.py file. It's created when you first syncdb. I am thinking you either skipped creating the superuser or just made a typo. Try running in terminal at your projects root.:

python django-admin.py createsuperuser

That will allow you to retype your admin login. Also seen here https://docs.djangoproject.com/en/dev/ref/django-admin/

3
votes

We had a similar issue in our app and these might help:

  1. Use cleanup command to clear older sessions from django_sessions

  2. Check the cookie size in firefox(firebug) or chrome developer tools. Because messaging is enabled by default in admin(django.contrib.messages.middleware.MessageMiddleware), the cookie size sometimes get larger than 4096 bytes with multiple edits and deletes. One quick test is to delete the "message" cookie and see if you can login after that.

And we actually ended up switching to nginx/uwsgi route because of this and other memory related issues with apache. Haven't seen this repeated in nginx since.

3
votes

After not being able to log in myself, I saw in the comment above someone mentioned about removing non-standard settings.

Adding this to my local settings solved it for me

SESSION_COOKIE_SECURE = False

2
votes

sounds like a session problem because after the post you get redirected and immediately the system has forgotten that you logged in.

try the following:

  1. check your session backend is working.
  2. swap it with cache backend if you use db cache backend to check if transaction middleware is messing around.
  3. try db backend and check if there are sessions stored in the db table
1
votes

I'm not exactly sure, but the problem might be with your URL configuration, concretely in these two lines:

(r'^admin/', include(admin.site.urls)),  
(r'^sites/', include("myproject.sites.urls")),

A longer time ago, I had trouble with browsing the admin of my Django project because a single URL configuration overwrote a part of the admin url. It seems that Django doesn't like it when you specify a custom URL configuration that contains elements which are also part of the admin URL. In your case, you have the app django.contrib.sites enabled in your settings.py. You can access the admin panel of this app by going to http://127.0.0.1:8000/admin/sites/. It might be that your URL configuration with r'^sites/' in it overrides a part of the admin url. Try renaming this specific URL configuration or disable django.contrib.sites in INSTALLED_APPS for testing purposes.

Please note that this is just an assumption. All I know is that Django's admin panel is a bit picky about URL configurations using similar names like its own URLs. I cannot test it myself at the moment. But maybe this helps you a bit.

1
votes

Did you try by creating the user with :

python manage.py createsuperuser

I have the same issue when I create the db on a test machine and migrate it to the deployment server...

1
votes

Check that you have at least one site to work with. 

>>> from django.contrib.sites.models import Site
>>> Site.objects.count()
(0.048) SELECT COUNT(*) FROM `django_site`; args=()
1

If you see 0 here - create one.

1
votes

Checking some other articles on this topic, it could be related to sys.path. Can you check and compare sys.path when running the dev server and when running WSGI.

For some details, have a look this and that article. But I would check the sys.path first, before going into the details of this article.

1
votes

Make sure your database user table having following entry is true:

is_staff  => True  (if exit).
is_active  => True .
is_superuser => True.
0
votes

Disclaimer: I cannot add comments yet, so I have to ask clarification here proposing a solution at the same time. Sorry for that.

Is the user logged-out immediately after logging-in? something like this issue

You can check it in many ways, I suggest to add a hook to the logout signal (you can put it in your models.py):

from django.contrib.auth.signals import user_logged_out

def alertme(sender, user, request, **kwargs):
    print ("USER LOGGED OUT!") #or more sophisticate logging

user_logged_out.connect(alertme)

then try to log in and check if the message appears in your console. If it appears, then you have to check if you have a redirect or a customized template calling logout after login. Hope it helps you find the issue.

0
votes

I had same problem and it was just solved after restarting server :

systemctl restart nginx
0
votes

You can ensure, the created user has been flagged as Is_staff = True, I sometimes forget to flag this to allow users to login to django admin

0
votes

I had a related issue where I'd try to log in and the page would hang before the socket would eventually be killed. It turned out that I was indeed being logged in, but one of the login signal processors was freezing.

Celery couldn't pass its asynchronous tasks to RabbitMQ because the RabbitMQ server wasn't able to start.

0
votes

For me, I could not login to the admin page in firefox but could login in chrome. The problem was that I had CSRF_COOKIE_PATH set in my settings.py. Never use that. It does not not work properly on django 1.8.

0
votes

What I did was to navigate manually to the url I wanted to visit. So like: http://wildlifeapi.herokuapp.com/admin/ was returning the awful Heroku application error.

So what I did was to visit http://wildlifeapi.herokuapp.com/admin/api/animal/ and BINGO! it worked.

The funny thing is that it works well on my phone. It's probably a django redirection bug.

0
votes

My issue was that My Admin Page was not loading and not working. Here is what I did:

pip uninstall django
pip install django==2.2

For more Detail Check Django Documentation.

-1
votes

Use some other virtual environment.it worked for me when i used conda environment.