Losing session data when user logs in

Question

Hello,

I have been working on a shop that is built in Python on the back of the django framework, everything was working fine until I noticed that when a user proceeds to the checkout and is requested to log in they do so and their basket empties...obvioulsy this is not a great thing for a basket to do, I was wondering what is causing this, could some look over my code and give me some advice at what it could be? I am at my wits end.

=====Edit - Below is my code I would appreciate it if someone could give me a hit at how i can stop the basket clearing when a users logins=====

 def basket(request):
    """
    Display the current state of the basket and allow the customer to modify
    the discount and quantities of each row of the basket
    """
    data = {}

    basket = Basket(request)

    discount_form = DiscountCodeForm(basket)


    if request.method == "POST":
        if 'update' in request.POST:
            basket.post_update(request)

            discount_form = DiscountCodeForm(basket, request.POST)
            if discount_form.is_valid():
                cleaned_data = discount_form.cleaned_data
                if cleaned_data['discount_code']:
                    basket.set_discount(Offer.objects.get(code=cleaned_data['discount_code']))

        if 'delete' in request.POST:
            basket.post_delete(request)

        if 'remove_discount' in request.POST:
            basket.remove_discount()

    data['discount_form'] = discount_form
    data['logged_in'] = persistent_account(request)
    data['pageclass'] = 'basket'
    data['category'] = Category.objects.root_category()
    data['products'] = Product.objects.all()
    data['regions'] = Zone.objects.all()
    data['currency'] = Currency.get_default_currency()

    return render_to_response('basket.html', data, RequestContext(request))





def login(request):
"""
Log the user in.
The form is where the actual login occurs. If already logged in, then
forward to the last attempted page, or, if came directly to the login page,
the account page.
@todo: Incorrect guesses limit of 10 then deactive account
"""
data = {}

redirect_to = request.GET.get('next', reverse('account'))

account = persistent_account(request)
if account:
    return HttpResponseRedirect(reverse('account'))

if request.method == "POST":
    login_form = LoginForm(request, request.POST)
    # This next line will also cause a login
    if login_form.is_valid():
        login_form.user.message_set.create(message="You have successfully logged in. Welcome back.")
        return HttpResponseRedirect(redirect_to)
else:
    login_form = LoginForm(request)

data['shop_login_form'] = login_form
data['pageclass'] = 'customer_login'

return render_to_response('login.html', data, RequestContext(request))

What i have given you is my login view and basket view hope that is enough, if not feel free to shout me.

Answer 1

This will probably be something to do with session management.

A user arrives at your site without first logging in, adds a few things to their basket, and then proceeds to the checkout. Upon first arrival at your site a session is established for this user. This might be done through cookies, a session id that is present in the URI, or a combination of both. The session associates the user's shopping basket with the user and is tracked on the server.

Now, in order to checkout on your system the user must log in. This creates a brand new session for the user and your system is losing track of the original session that the user had. The net effect of this is that their basket empties - because they effectively have a new basket.

I have absolutely no idea how sessions are being managed in your system (because, other than django, you provide no details whatsoever), but this is where I'd start looking.

I don't think that you'll find anyone that will do a free code review for you, so you need to figure out how sessions are being managed in your system and then post a more specific question. Good luck.

Answer 2

Are you running two django instances on the same machine? If so, check that SESSION_COOKIE_NAME is set to something different for each instance.

We had the problem that instances using sessions using the same SESSION_COOKIE_NAME had very sporadic (read bizarre) behaviour.