I am developing a web application with Django as the backend and React as the frontend, focusing on user authentication through sessions. After a successful login, I set various session data such as user ID, name, and email, yet the session ID persists in returning None. I have ensured that the SESSION_ENGINE is set to use database storage and have opted for SESSION_SAVE_EVERY_REQUEST = True. The CORS configuration allows credentials with CORS_ALLOW_CREDENTIALS = True. Despite adhering to these configurations, the absence of a session ID compromises effective session management on the client side. What steps can I take to rectify this and ensure the session ID is created and retrievable after user login?
hey, check if your cookies are being blocked. if ur request doesn’t send cookies, the session won’t persist. also, try adding ‘SESSION_COOKIE_SAMESITE = None’ to your setings.py and make sure ur server and client are on the same domain when testing.
In my experience, this could also happen if your CSRF settings are not configured correctly, especially when dealing with POST requests for authentication. Ensure that CSRF_COOKIE_HTTPONLY and CSRF_COOKIE_SECURE are set appropriately according to your development or production environment. Additionally, verify that your API endpoint for setting the session data in Django is correctly returning the session ID as part of the response. If it’s not, explicitly include the session ID in the response headers or body.