Closed pwnedDesal closed 8 years ago
Interesting. I'm not sure why it would do that.
Have you tried creating a second user with the manage.py
command?
https://github.com/Netflix/sleepy-puppy/blob/master/manage.py#L58
problem solve thank you ! :dancer:
The problem occurs again after a few hours and the proposed solution(creating new user) doesn't solve the problem anymore :( . I currently trying sleepy-puppy via c9.io
Hey @deadstar1,
I'm wondering if c9.io is clearing the database after some period of time. I'd connect to the DB and look through the user table. Do that once when it's working, and once when it's broken. My hunch is that the DB is getting reset on you.
I don't think so. When i create a user with a username, that already exists in the database, using manage.py
. manage.py says user already exists!
so c9.io does not clearing the database.
Sometimes the bug is triggered, sometimes not.
A proxy log of the requests would be helpful, if you can please use Burpsuite and record your proxy history during the login issues/403 forbidden. If you can send me that log it should help with troubleshooting. Alternatively if you have information you need to redact, maybe take some screenshots of the Burp proxy log.
HTTP Request
HTTP Response after an authentication
Console Log
Do you have a TLS certificate configured and is the server listening on 443?
I also installed sleepy-puppy in codeanywhere.com the same result was happened
Looking back over your screenshots it looks like one of the POST requests results in a 400 HTTP error. Something may be in the logs, could you perform the same authentication flow and send me over your nginx error log as well as any errors in sleepypuppy.log (in the root of the folder).
Also if you can provide the request/response screenshots for whatever call to /login is resulting in the 400 that would also be helpful!
Hi @deadstar1, just circling back on this. Are you still having the same problem?
look like there is no issue anymore. thanks
Hi, Whenever i authenticate myself using my credentials in sleepy-puppy web interface, My browser is alway redirected back to http://sleepy-puppy-ip/login/ and sometimes i get 403 forbidden error. i seem the session is not created.