webology, 1 month ago

My spidey senses are tingling because I'm on Django 5.0.4, and I have never run into this before this version.

This is probably a red herring, but Mastodon, let me know if you have ever stumbled on this or you have recently.

webology, 1 month ago

Ah, even worse, but I figured out how to repeat it.

Every time runserver auto-reloads, it logs me out.

🤔 Now I'm wondering if it is new Django or some allauth change.

bmispelon, 1 month ago

@webology That looks like a fun bug to track down 😁

Could it be you have some kind of in-memory session storage that gets wiped out on reload?

webology, 1 month ago

@bmispelon The developer was too clever.

https://mastodon.social/@webology/112224729314862224

webology, 1 month ago

💥 FOUND IT 💥

A recent change to SECRET_KEY, which rotates the value based on secrets, was the culprit.

More importantly, this was a project setting change, NOT a Django change.

That's 30 minutes I'll never get back.

josh, 1 month ago

@webology Oops 😬

webology, 1 month ago

@josh Issues were filed 😉

fallenhitokiri, 1 month ago

@webology I am a bit slow today, but secrets in settings.py or environment variable?

I’ve seen “Session data corrupt” in the logs of an internal project last night but didn’t dig in it yet. The project is on 4.2.6.

webology, 1 month ago

@fallenhitokiri It was a clever use of Python's import secrets and then usage of secrets.token_hex(32) for SECRET_KEY's default value if left blank.

fallenhitokiri, 1 month ago

@webology ok, so I’ll definitely have to look for a different reason why I’ve seen this message :) thanks!

webology, 1 month ago

@fallenhitokiri Oh no. Did you wake up to one today too?

fallenhitokiri, 1 month ago

@webology yep, didn’t plan to work today, but still had the terminal open and saw the message first thing in the morning.

webology, 1 month ago

@fallenhitokiri My hunch was that the broken media links were tricking Django into thinking I was trying to hack something.