Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Workaround Needed for Cookie Validation Issue During Django Upgrade #19350

Closed
webjunkie opened this issue Dec 15, 2023 · 0 comments · Fixed by #19351
Closed

Workaround Needed for Cookie Validation Issue During Django Upgrade #19350

webjunkie opened this issue Dec 15, 2023 · 0 comments · Fixed by #19351
Labels
bug Something isn't working right

Comments

@webjunkie
Copy link
Contributor

We've encountered an issue related to two-factor authentication cookie validation after a major Django version upgrade, as detailed in issue #686. This issue arises due to the change in user password hashes when Django's hash iteration count is updated in a new version, leading to a mismatch in the two-factor authentication cookies' validation.

We can for now implement a workaround. This involves catching the BadSignature exception raised during the cookie validation process when there's a mismatch in the hashes. This situation occurs after upgrading Django, which causes the user's password hash to change, thereby invalidating the existing two-factor authentication cookies.

This issue is critical for us to upgrade our Django version without disrupting the user experience of people coming back and having a 2FA cookie.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working right
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(auth): Fix problem of BadSignature in django two factor auth library PostHog/posthog
1 participant
@webjunkie