x1ddos / simpleauth

Simple authentication for Python on Google App Engine supporting OAuth 2.0, OAuth 1.0(a) and OpenID
https://simpleauth.appspot.com
327 stars 61 forks source link

Occasionally sessions are empty #31

Closed Gabicoware closed 10 years ago

Gabicoware commented 10 years ago

Very rarely (1 in 100 requests or so) an invalid session is set to the 'auth' cookie. The valid deserialized cookie looks like this: {u'_user': [5690665774088192, 1, u'0u48LYOY8mdVNf38bluT6n', 1407275076, 1407360509]}. And the invalid deserialized cookie looks like this: {}

This becomes the cookie for auth, and the users session cannot recover.

I have one theory, but its tenuous. By putting a try around the dispatch call in https://github.com/crhym3/simpleauth/blob/master/example/handlers.py that you may in some cases be invalidating the session? For instance an exception is fired before the session can be properly set?