Murali-group / GraphSpace

The interactive graph sharing website.
http://graphspace.org
GNU General Public License v2.0

Permissions issue after opening an uploaded graph through UI #361

Open jlaw9 opened 6 years ago

jlaw9 commented 6 years ago

Steps to recreate issue:

  1. Go to http://graphspace.org/upload
  2. Enter a name and select a network (cyjs or JSON) file
  3. Click submit.
  4. Click the link generated on the page to view your uploaded graph
    • User is greeted with a great "you don't have permission to view this graph" message
  5. Remove "www." from the url. Graph is now viewable

sanket0211 commented 6 years ago

Hi @jlaw9, I tried to recreate the issue, but was unsuccessful. Can you please give me more details on it which can help recreate this issue? When you click on the link, please make sure that you are logged in to the account from which you uploaded the graph, else you will get something like this: [screenshot: issue_per_graph]

Thank you.

jahandaniyal commented 6 years ago

@sanket0211 If the user uploads a graph without logging in to his account, then the graph is uploaded as Anonymous User and is accessible by everyone (both logged-in and not-logged-in users). Also, a graph uploaded by a user is not visible to other users unless the owner shares it.

@jlaw9 I too tried to recreate the issue - both as Anonymous User and as logged-in user, but the generated link worked just fine. However, I did face a similar issue only once. I had to log out and log in again to view the uploaded graph. I thought it was an isolated occurrence, so I did not report it as an issue.

tmmurali commented 6 years ago

@jlaw9 is this a reproducible issue?

manishkk commented 6 years ago

@jlaw9 @tmmurali I faced the same issue but couldn't reliably recreate the same issue after I tried it a few times and then I refreshed all the cookies and logged in again and it worked fine for me.

jlaw9 commented 6 years ago

I get this issue every time I try to upload a graph through the UI when I'm logged in (same error message as the screenshot in @sanket0211's message, reproduced on Chrome and Firefox, before and after clearing cookies). If I change the link given on the UI from http://www.graphspace.com/graphs/ID to http://graphspace.com/graphs/ID, the graph loads just fine.

If I'm not logged in, I do not have this issue.

tmmurali commented 6 years ago

@adbharadwaj Any idea what is causing this issue? Should be a simple fix, I think.

adbharadwaj commented 6 years ago

@tmmurali @jlaw9 @manishkk @jahandaniyal it seems that the session is different for http://www.graphspace.com and http://graphspace.com. One solution will be to use the host domain of the current session instead of using the configured hostname in the settings file.

sanket0211 commented 6 years ago

@adbharadwaj Sir, Prof. @tmmurali, @jlaw9, @manishkk, @jahandaniyal, I came across this website - https://www.a2hosting.com/kb/developer-corner/apache-web-server/adding-or-removing-the-www-prefix-in-domain-urls. Would this help?

adbharadwaj commented 6 years ago

@sanket0211 That is one solution. Can you investigate the reason behind different sessions for different subdomains in Django?

sanket0211 commented 6 years ago

@adbharadwaj Sir, I guess the session cookie is not being shared across multiple domains. Check out this https://stackoverflow.com/questions/2116860/django-session-cookie-domain-with-multiple-domains. Here they have mentioned ways of sharing session cookie across multiple domains and sub-domains. We can try it.

adbharadwaj commented 6 years ago

I like the last solution i.e., setting the session cookie domain to start with a "." character.

In settings.py:
SESSION_COOKIE_DOMAIN=".stackoverflow.com"

@sanket0211 Can you send a fix for this issue? Also attach a GIF which shows that the issue has been fixed.
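
The cookie scoping behind this thread, as an added example that is not GraphSpace code and not written by any commenter: a small model of the RFC 6265 rules a browser applies to a session cookie, comparing Django's default (no Domain attribute) with a leading-dot `SESSION_COOKIE_DOMAIN`. The hostnames `graphspace.org` and `www.graphspace.org` come from the thread; `files.graphspace.org` and all function names are constructed for illustration, and IP-address and public-suffix checks are left out.

```python
# Model of RFC 6265 cookie scoping (added example, not GraphSpace code).
# "files.graphspace.org" is a constructed sibling subdomain.

def domain_match(host, cookie_domain):
    """RFC 6265 sec. 5.1.3: identical, or host is a subdomain of cookie_domain."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)


def store_cookie(origin_host, domain_attr=None):
    """Return the stored (domain, host_only) pair, or None if the browser rejects it.

    domain_attr models Django's SESSION_COOKIE_DOMAIN; None means the
    Set-Cookie header carries no Domain attribute.
    """
    if not domain_attr:
        return (origin_host.lower(), True)          # host-only cookie
    domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
    if not domain_match(origin_host, domain):
        return None                                 # cannot set for a foreign domain
    return (domain.lower(), False)


def is_sent(cookie, request_host):
    """RFC 6265 sec. 5.4: a host-only cookie needs an exact host match."""
    if cookie is None:
        return False
    domain, host_only = cookie
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)


def audit(origin_host, domain_attr, hosts):
    """Map each host to whether the session cookie accompanies a request to it."""
    cookie = store_cookie(origin_host, domain_attr)
    return {h: is_sent(cookie, h) for h in hosts}


HOSTS = ["graphspace.org", "www.graphspace.org", "files.graphspace.org"]

if __name__ == "__main__":
    # Default Django setting (SESSION_COOKIE_DOMAIN = None), login on the bare host:
    # the generated www. link arrives without a session.
    print(audit("graphspace.org", None, HOSTS))
    # Leading-dot setting: one session across every *.graphspace.org host.
    print(audit("graphspace.org", ".graphspace.org", HOSTS))
```

The setting has to name the deployment's own domain, since a browser discards a cookie whose Domain does not match the responding host. A domain-wide session cookie is also sent to every other subdomain, so each host under it must be trusted as much as the main site.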