I have a Django application I just moved to production. I am unable to make the site display that I am logged in. It works fine on my local machine, I do not see any errors in production, and the username and password are correct. The problem is that the session cookie is not being set, and my settings are correct, I believe. Here are my settings related to sessions:
DEBUG = False
ALLOWED_HOSTS = ["localhost","18.104.22.168","founderslooking.com","app.founderslooking.com"]
CORS_ALLOWED_ORIGINS = [
CORS_ORIGIN_ALLOW_ALL = True
CORS_ALLOW_CREDENTIALS = True
SESSION_COOKIE_SAMESITE = None
SESSION_COOKIE_DOMAIN = "founderslooking.com"
#SESSION_COOKIE_SECURE = False
CSRF_TRUSTED_ORIGINS = ["http://localhost", "http://*.127.0.0.1", "http://app.founderslooking.com",]
INTERNAL_IPS = [
I am not using https because I am only testing the site until I am sure everything works, then I will switch over to https.
Why is the session cookie not being set?
The application is on a VPS using Ubuntu, Gunicorn, Nginx and Supervisord
It looks like you have some cross origin requests somewhere between
Can you describe what the purpose of each domain is? Do you have a frontend served by one domain and the backend served by the other one?
What is the domain serving the login URL?
In your browser developer tools, do you see the session cookie set in the response of the login URL? If so, can you give the characteristics of this cookie? Then, on subsequent requests for which you would expect the session cookie to be sent, can you see it in the request's headers? What is an example URL for such a request?
Hello, thanks for posting. app.founderslooking.com is a Vue application and founderslooking.com is a Django app with some pages and a REST API that provides data to the Vue app. I managed to get it working if I cleared the history and logged in again. The problem, however, is that it somehow does not remember the cookie, because this morning when I accessed the site I got a CORS error, which got fixed after I again cleared all the history and logged back in. I am really not sure why it does not respect the same cookie from yesterday if it was still present in my browser this morning.
So it seems to happen every time. If I log into the site and then go to my Vue app, I can see my data because it gets it from the API, but if I want to post something I get this CORS error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://founderslooking.com/api/v1/profiles/founders/1/u/. (Reason: CORS request did not succeed). Status code: (null).
So what are my settings then supposed to be so I can make requests from app.founderslooking.com to founderslooking.com?
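An added example, not part of any post in this thread: a small audit that runs over the session, CORS and CSRF settings quoted in the question and reports the ones a reviewer would flag for a frontend on one origin calling a session-authenticated API on another. The function name, finding codes and the `NARROWED` comparison values are constructed for illustration; the truncated `CORS_ALLOWED_ORIGINS` list from the question is left out rather than guessed.

```python
# Added example (hypothetical helper, not from the thread): flag settings that
# matter when a SPA on one origin calls a session-authenticated Django API.
def audit_cross_origin_settings(s, frontend_origin):
    """Return finding codes for settings dict `s` (Django + django-cors-headers)."""
    findings = []
    # CORS_ORIGIN_ALLOW_ALL is the older alias of CORS_ALLOW_ALL_ORIGINS.
    allow_all = s.get("CORS_ALLOW_ALL_ORIGINS", s.get("CORS_ORIGIN_ALLOW_ALL", False))
    creds = s.get("CORS_ALLOW_CREDENTIALS", False)
    if allow_all and creds:
        # Any Origin is echoed back with credentials allowed, so any site the
        # user visits can read authenticated API responses.
        findings.append("cors-any-origin-with-credentials")
    if not allow_all and frontend_origin not in s.get("CORS_ALLOWED_ORIGINS", []):
        findings.append("frontend-not-in-cors-allowlist")
    if not creds:
        findings.append("cors-credentials-not-allowed")
    samesite = s.get("SESSION_COOKIE_SAMESITE", "Lax")  # "Lax" is Django's default
    secure = s.get("SESSION_COOKIE_SECURE", False)
    if samesite is None:
        # Python None is falsy: Django omits SameSite and the browser applies
        # its own default. The string "None" is what emits SameSite=None.
        findings.append("samesite-python-none-omits-attribute")
    elif str(samesite).lower() == "none" and not secure:
        # Browsers reject SameSite=None cookies that lack the Secure flag.
        findings.append("samesite-none-without-secure")
    if secure and frontend_origin.startswith("http://"):
        findings.append("secure-cookie-on-plain-http")
    # Exact match only; wildcard entries such as "http://*.example" are not expanded.
    if frontend_origin not in s.get("CSRF_TRUSTED_ORIGINS", []):
        findings.append("frontend-not-csrf-trusted")
    return findings

FRONTEND = "http://app.founderslooking.com"
# Values as posted in the question (truncated lists omitted).
POSTED = {"CORS_ORIGIN_ALLOW_ALL": True, "CORS_ALLOW_CREDENTIALS": True,
          "SESSION_COOKIE_SAMESITE": None,
          "SESSION_COOKIE_DOMAIN": "founderslooking.com",
          "CSRF_TRUSTED_ORIGINS": ["http://localhost", "http://*.127.0.0.1",
                                   "http://app.founderslooking.com"]}
# Constructed comparison: explicit allowlist, explicit SameSite value.
NARROWED = {"CORS_ALLOWED_ORIGINS": [FRONTEND], "CORS_ALLOW_CREDENTIALS": True,
            "SESSION_COOKIE_SAMESITE": "Lax",
            "SESSION_COOKIE_DOMAIN": "founderslooking.com",
            "CSRF_TRUSTED_ORIGINS": [FRONTEND]}

if __name__ == "__main__":
    print("posted:  ", audit_cross_origin_settings(POSTED, FRONTEND))
    print("narrowed:", audit_cross_origin_settings(NARROWED, FRONTEND))
```

The two hosts share a registrable domain and scheme, so a `Lax` session cookie scoped to `founderslooking.com` still accompanies credentialed requests from the Vue app; the audit checks configuration only and does not diagnose the network-level failure in the quoted browser error.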