PythonAnywhere Forums

login issue

I'm having a login issue that works in my sandbox and doesn't work for me in my pythonanywhere test. It just checks a username and password I predefined via sqlalchemy, nothing involved. Very simple. Not using Flask-Session or Flask-Login or anything fancy.

My log says something about spawning two threads for uWSGI worker 1, and I'm limited to one app ... maybe a clue? Thanks for pointing me in the right direction.

the two threads should be fine (they serve your static files).

just to double check- you did add your username & password on PythonAnywhere right? (ie. just because you had created/defined it locally, doesn't mean that data automatically gets onto PythonAnywhere)

and when you say it doesn't work, why doesn't it work? (eg: is it because no such user? or missing say a session cookie? etc)

Thanks, Conrad. Yes the user exists (just a quick dummy test - for now in a tiny sqlite file). I wonder if it's the session. I changed from a "random" string I made up for my secret key to set the session to an os-generated string... my first key worked fine for an even simpler test (just setting a value in the session dict-like structure)... hmm that could be a good clue for me, thanks. Maybe the os.urandom() didn't work. I'll run a few tests here. Thanks for giving me some ideas/questions.

I think I found the offending code (ignore the simple, non-salted, non-hashed test for now). Anything obviously lacking? It's trying to check the credentials. Thanks for any help, anyone.

Session = sessionmaker(bind=engine)
s = Session()
query = s.query(User).filter(User.username.in_([POST_USERNAME]), User.password.in_([POST_PASSWORD]) )
result = query.first()

Original tutorial code is at https://pythonspot.com/en/login-authentication-with-flask/

I assume you are getting result == None?

What happens if you print out POST_USERNAME and POST_PASSWORD?

Also you may not be able to change the secret key (ie. it might be using it to encrypt/store passwords in the database etc), and so changing it midway would make it so that you can't login with your original password anymore.

I can print out POST_USERNAME so it's coming through from the form to the app.

Something must not work in the database credential check step. I used a tiny sqlite file for this example since it's seemingly fairly trivial, but something isn't working. I don't think it has to do with secret_key since I restarted the webapp ---- but I probably should've cleared my browser cache or started a new incognito window. Will check that. Hmm, thanks for the sounding board and comments in any case.

you mean you used a sqlite db, ie. instead of the live db, and had created a user/password into this sqlite db, but then running that code failed? can you also just filter on username without the password and see if it can find anything?