Django sessions are not working

sankar
New Member

Hi team,

On the app index page, apps are rendered in an iframe. Our app was built using the Django framework. Django uses sessions to log in a user, but sessions are not working within the iframe, so our app is showing a 404 page to the user. Do you have any documentation for Django apps?

Thanks,

Sankar Rao

CalD
Shopify Staff

Hey @sankar,

There isn't an official tutorial to follow for Django apps, but here's a Django App Example repo.

CalD | Developer Support @ Shopify 

AscendedCrow
Shopify Partner

I followed the tutorial and it uses this:

request.session['shopify_oauth_state_param']

 

Testing locally, it works fine and the login seems to work fine.
When testing the login code on the test site, I found that the session data has been removed and I am getting this error:

[17/Aug/2021 11:00:35] ERROR [django.request:224] Internal Server Error: /shopify/finalize/
Traceback (most recent call last):
  File "/home/shop2api/env/shop2api/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner
    response = get_response(request)
  File "/home/shop2api/env/shop2api/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/home/shop2api/env/shop2api/lib/python3.8/site-packages/sentry_sdk/integrations/django/views.py", line 67, in sentry_wrapped_callback
    return callback(request, *args, **kwargs)
  File "/home/shop2api/source/connectionz/shopify_conn/views.py", line 67, in finalize
    if request.session['shopify_oauth_state_param'] != params['state']:
  File "/home/shop2api/env/shop2api/lib/python3.8/site-packages/django/contrib/sessions/backends/base.py", line 65, in __getitem__
    return self._session[key]
KeyError: 'shopify_oauth_state_param'

 

 

sillycube
Shopify Partner

By default, Django uses cookies to store the session ID. So the ID may not persist, as the cookies are banned by browsers. Try this sample repo. It can support the latest session token auth, so sessions can be persisted.

Alternatively, you can also make your app into a standalone app. If the app isn't under an iframe, the issue doesn't exist. 

AscendedCrow
Shopify Partner

I checked, and this code is already a problem in that repo in an embedded app:

def validate_state_param(request, state):
    if request.session.get("shopify_oauth_state_param") != state:
        raise ValueError("Anti-forgery state parameter does not match")

    request.session.pop("shopify_oauth_state_param", None)

 

 

I think I might come right with some creative ways of storing some of the data in the database (token, URL).
I will need to check on the anti-forgery token, but if I skip that step, only the database can be used for validation.

sillycube
Shopify Partner

I think you can test the repo with 3rd-party cookies. According to the repo developers, the sample app can persist sessions.

AscendedCrow
Shopify Partner

Thank you for all the feedback. I got a solution by looking a little bit at the repo again. I do not think they do the same; I just added the following to my settings and it persisted the settings.

SESSION_COOKIE_SAMESITE = 'None'
SESSION_COOKIE_SECURE = True
X_FRAME_OPTIONS = 'ALLOWALL'
XS_SHARING_ALLOWED_METHODS = ['POST', 'GET', 'PUT']
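
`'ALLOWALL'` is not a value browsers recognize for the `X-Frame-Options` header, so the setting above leaves the app frameable by any site. As an added example (not part of the thread or of the sample repo), a Django-style middleware that restricts framing to the installing shop and the Shopify admin through `Content-Security-Policy: frame-ancestors` instead; the class name, the `"shop"` session key and the sample hostnames are assumptions.

```python
import re

# The shop hostname arrives as query input, so accept only <name>.myshopify.com.
SHOP_RE = re.compile(r"[a-z0-9][a-z0-9-]*\.myshopify\.com")
ADMIN_ORIGIN = "https://admin.shopify.com"


def frame_ancestors_for(shop):
    """Build a CSP value that lets only this shop and the Shopify admin frame the app.

    A missing or malformed shop falls back to 'none' (no framing at all).
    """
    host = (shop or "").strip().lower()
    if not SHOP_RE.fullmatch(host):
        return "frame-ancestors 'none';"
    return f"frame-ancestors https://{host} {ADMIN_ORIGIN};"


class ShopifyFrameAncestorsMiddleware:
    """Hypothetical middleware name. List it after XFrameOptionsMiddleware in
    MIDDLEWARE so it handles the response first and the exempt flag is already set."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        # Assumption: the shop is in ?shop=, or the OAuth view stored it
        # in the session under the (hypothetical) key "shop".
        shop = request.GET.get("shop") or request.session.get("shop")
        response["Content-Security-Policy"] = frame_ancestors_for(shop)
        # Django's XFrameOptionsMiddleware skips responses carrying this flag,
        # so X_FRAME_OPTIONS can stay at its default for the rest of the site.
        response.xframe_options_exempt = True
        return response
```

With this in place, `SESSION_COOKIE_SAMESITE = 'None'` and `SESSION_COOKIE_SECURE = True` still handle the cookie side, while the framing permission is scoped per shop rather than opened to every origin.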