So, my current work project involves porting a web management UI for a telephony platform to Django, and I’ve had to adapt use of Django considerably for our legacy requirements. It’s been relatively easy to do so, but as usual with software, it is not without bugs.
The Django session middleware makes of of the MD5 algorithm to create session ids and prevent tampering. I found that sporadically, the session was discarded as invalid for no apparent reason. Well, I did a bunch of debugging today and finally narrowed it down to the computed md5 sum in the session module itself. Kind of odd, right? Well, I reported the problem and then I found evidence that I was not alone, and a potential fix.
I’ve since confirmed that removing all PHP packages does fix the issue, and I’ve patched Django’s session handling in our Django package to use SHA-1 instead of MD5. Still, one of the odder problems I’ve seen, I have only a vague guess as to how this could be caused.
But I Digress 