Re: SESSION_COOKIE_DOMAIN on multiple domains.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJR+oLTAAoJEJ9WpvTpw+EqBwAP/jwg5a6cpMDXAgczG2Wtf8Tc
7BxP7y/mGG/1G/NDS0Gx0f3P/n71+PinidattvSoukjHcwfLUEadpcoVO7yXk8xM
6hB5g7p8LP6nj2AslbWxxNZOM72Oua/rA22oOp5PJ33yefk7bVQzh2P3MC4TcXEf
ei6wt48uoaqzFftJMl7dlcmHn8dcZgHVj4g9mqcYxObyNMkyh/QGvyMBCZlOLViI
MFojEWwqf+FQFtFJ/WAx+Yc7282xH+DzQlp3MCB6CcfWDnae2pSv3aLgJxQUW0Sb
/+DGHcmHL2QAH1w93LDjD/v5GGlFRLtn+uBt0ptT1vFk1ZMyWYzlQgbko6onsOiH
PL22Q04axF7If/PFCvj13q7uy16JLG4NI1BMQLQkIpqRI80Fzc89l6g4KG6osL4Q
yURWEhky9B4UHvfYRkeySr5Sl/QjL3oL13RIVTYbTdWMPqCZJZocB2cIJ+NnvaLn
jf1gxDQuY7wy0fsz5pStP8Yo0b9mCo1JPVAUvZXUzChIA/9XvrDQwoZiUOm+vNYp
DiO3eGyW/d5ScruH+BedNVPM0QJokukh8MhEOjcakgAhPJgBUviS2L3Xd+Nj5G+g
Si/6HjzaKK8Os0TTi3sMHfmdWNiw718Y74rq/IPRQs7ZVG6jyaRDSh1SQKhOPF5o
BKsFt4tvmftwwkMJw/Lm
=7fvM
-----END PGP SIGNATURE-----
Ah, sorry, I understand now.

You can set up middleware, which modifies SESSION_COOKIE_DOMAIN based
on request.get_host() and put it before session middleware. I did
similar thing to set SITE_ID.

Only think you have to take care of is thread safety. You need to
override settings.SESSION_COOKIE_DOMAIN value with thread safe object,
and assign value to it.

Take a look at:
https://bitbucket.org/uysrc/django-dynamicsites/src/e3c6cad807f0328ed3020d28158b3d6ba0b67025/dynamicsites/middleware.py?at=default
https://bitbucket.org/uysrc/django-dynamicsites/src/e3c6cad807f0328ed3020d28158b3d6ba0b67025/dynamicsites/utils.py?at=default

I took that idea there.


Cheers,
Tom

Dne Thu, 1 Aug 2013 08:40:18 -0700 (PDT)
"J. Cliff Dyer" <jcd@sdf.lonestar.org> napsal(a):

> That doesn't make my use case impossible. I'm not looking for a session
> that works on both domains. I'm looking for a site that can create
> sessions for either domain.
>
> On Thursday, August 1, 2013 11:10:59 AM UTC-4, Tomáš Ehrlich wrote:
> >
> > This isn't possible. The problem is with cookies: You have to bind them
> > to certain domain ('example.com') or set of subdomains ('.example.com').
> >
> > About a month ago I've created app to bypass this limitation:
> >
> > - There is one "master" domain, where new session keys are created.
> > - When user access any of "slave" sites, his browser has to go through
> > several redirects:
> >
> > 1. First, it's redirected to "master" site. There he gets token
> > representing current session key.
> > 2. Then it's redirected back to "slave" site, where django sets
> > appropriate cookie with session key (extracted from token).
> > 3. After then, it's redirected back to original page (on slave site).
> > Session cookie is set so user can access the same session as on
> > master site.
> >
> > - Cookie needs to be set only once. When session (on any site) is
> > invalid, the other sites will notice that and automatically generates
> > new session key.
> >
> > Another solution I've seen was distributing session key through
> > iframes, but when you have lot of domains, it's easier to do it this
> > way.
> >
> > I could share the code, if you were interested. It isn't published
> > anywhere yet.
> >
> >
> > Cheers,
> > Tom
> >
> > Dne Thu, 1 Aug 2013 06:41:20 -0700 (PDT)
> > "J. Cliff Dyer" <j...@sdf.lonestar.org <javascript:>> napsal(a):
> >
> > > Is there a way to set the SESSION_COOKIE_DOMAIN for multiple domains,
> > > possibly using the contrib.sites framework?
> > >
> > > We deploy on AWS, and when we roll out an update to one of our site, we
> > > first create a new cloudformation stack, and attach a domain name to it
> > > like prod-oursite-20130801.devstacks.net.
> > >
> > > When we decide it's ready for production, we point www.oursite.com to
> > the
> > > stack. This causes problems with the SESSION_COOKIE_DOMAIN, as we need
> > to
> > > have the cookies domain set to .oursite.com if someone is visiting from
> > > www.oursite.com (or fl.oursite.com, or wa.oursite.com, etc, etc.), but
> > if
> > > they are visiting from prod-oursite-20130801.devstacks.net, we want to
> > > either set the SESSION_COOKIE_DOMAIN to
> > > prod-oursite-20130801.devstacks.net, or unset it altogether, and just
> > use
> > > the default session domain.
> > >
> > > I would love if SESSION_COOKIE_DOMAIN could be set to a dictionary, like
> > > this:
> > >
> > > SESSION_COOKIE_DOMAIN = {
> > > 'www.oursite.com': '.oursite.com',
> > > 'prod-oursite-20130801.devstacks.net': '.devstacks.net',
> > > }
> > >
> > > but it doesn't seem like that's possible.
> > >
> > >
> >
>