Re: SESSION_COOKIE_DOMAIN on multiple domains.

That doesn't make my use case impossible.  I'm not looking for a session that works on both domains.  I'm looking for a site that can create sessions for either domain.

On Thursday, August 1, 2013 11:10:59 AM UTC-4, Tomáš Ehrlich wrote:

This isn't possible. The problem is with cookies: You have to bind them
to certain domain ('example.com') or set of subdomains ('.example.com').

About a month ago I've created app to bypass this limitation:

- There is one "master" domain, where new session keys are created.
- When user access any of "slave" sites, his browser has to go through
  several redirects:
   
  1. First, it's redirected to "master" site. There he gets token
     representing current session key.
  2. Then it's redirected back to "slave" site, where django sets
     appropriate cookie with session key (extracted from token).
  3. After then, it's redirected back to original page (on slave site).
     Session cookie is set so user can access the same session as on
     master site.

- Cookie needs to be set only once. When session (on any site) is
  invalid, the other sites will notice that and automatically generates
  new session key.

Another solution I've seen was distributing session key through
iframes, but when you have lot of domains, it's easier to do it this
way.

I could share the code, if you were interested. It isn't published
anywhere yet.


Cheers,
  Tom

Dne Thu, 1 Aug 2013 06:41:20 -0700 (PDT)
"J. Cliff Dyer" <j...@sdf.lonestar.org> napsal(a):

> Is there a way to set the SESSION_COOKIE_DOMAIN for multiple domains,
> possibly using the contrib.sites framework?
>
> We deploy on AWS, and when we roll out an update to one of our site, we
> first create a new cloudformation stack, and attach a domain name to it
> like prod-oursite-20130801.devstacks.net.
>
> When we decide it's ready for production, we point www.oursite.com to the
> stack.  This causes problems with the SESSION_COOKIE_DOMAIN, as we need to
> have the cookies domain set to .oursite.com if someone is visiting from
> www.oursite.com (or fl.oursite.com, or wa.oursite.com, etc, etc.), but if
> they are visiting from prod-oursite-20130801.devstacks.net, we want to
> either set the SESSION_COOKIE_DOMAIN to
> prod-oursite-20130801.devstacks.net, or unset it altogether, and just use
> the default session domain.
>
> I would love if SESSION_COOKIE_DOMAIN could be set to a dictionary, like
> this:
>
>     SESSION_COOKIE_DOMAIN = {
>         'www.oursite.com': '.oursite.com',
>         'prod-oursite-20130801.devstacks.net': '.devstacks.net',
>     }
>
> but it doesn't seem like that's possible.
>
>

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.