search

python-social-auth / social-core

Python Social Auth - Core
BSD 3-Clause "New" or "Revised" License
849 stars 545 forks source link

Unnecessary session created during social login #324

Closed Kashyap23 closed 4 years ago

Kashyap23 commented 5 years ago

When user clicks on login with Google,login page arrives.

screenshot from 2019-03-01 19-11-20

When he closes the tab without logging in and opens our login page in another tab, django is creating session and a session id is present in the cookies. Also the expiry time of session is set to an odd date of 1969(Ref Image).

screenshot from 2019-03-01 19-10-13

Is this the intended behaviour ? Is there a way to stop creating session in django in this case ?

settings

AUTHENTICATION_BACKENDS = ( 
    'social_core.backends.open_id.OpenIdAuth',
    'social_core.backends.google.GoogleOpenId',
    'social_core.backends.google.GoogleOAuth2',
    'social_core.backends.google.GoogleOAuth',
    'social_core.backends.linkedin.LinkedinOAuth2',
    'social_core.backends.facebook.FacebookOAuth2',
    'django.contrib.auth.backends.ModelBackend',
    'app.auth_backend.Auth0Backend'
)

SOCIAL_AUTH_PIPELINE = ( 
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'app.views.social_auth.process_login',
)

SOCIAL_AUTH_FIELDS_STORED_IN_SESSION = ['id','next']

Please provide the necessary help. Thanks in Advance

sevdog commented 5 years ago

I think that this issue should be moved to social-app-django since its not related to socia-core but to django integration.