-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJR+nqDAAoJEJ9WpvTpw+EqRWMQANHgDn18agkwaeO2i65aOUAK
xZ3Cs6kno1e2shz1m0rmdE6uE+eIJw/dpjXwWMZ/qC+CCVt0B0nDcSBwqRBHziQC
pYrMNYcdDhp/soljW2wqIji1lyZHuxysyGQwibBZFsKQSSSff6mgsQ0NHiK1NjvN
6q5WkW+XIRDbwXmTiECwSJThqVzsYYbg+/a+Rzq4RDsktPrLmzmj/BmjDbv2IZCz
NBlVWwJCPseeTklndakGR8Wx5upO2/q4pJwJ06AOnwu6fGYpFz7QAdh6ogPcnbaf
wzGb/5qQnmxsGPQ+aWlVILA7OT1QlupWlbextyWSUCTpN9kI1WqesaMojDMmsT7Z
46oebCJSx79yljkGm8QboiGeBbIGrh8MCiqLcCpomyTwbKEaefWBlkEDUmQzr73e
rcS3+Ljt1kBH2HYMSEZzF1ojOEidgFgrftQgIB/3ha1sooBQZxIxAXq8cn44w8Pe
gD/XN7Q9PrSvblLCodh0UM5V+FxpnCkG04hUhQjaoeWhTdhL7e5SpY3xQAB9oTgk
FmAY5I7kEWbJunPjb5e0t5TtrRDk6BCweRzPEsjCaYmLMMfP1No6r/3ZwO9GTPsZ
tiJcEFppCo2sSDuKtGUDvAwFA2JC5ZmqaPsG7KiV1Bl7w0qL/TCyO36ZFeijtf0p
ChkwQLZ6x0041yknIK0C
=3cze
-----END PGP SIGNATURE-----
This isn't possible. The problem is with cookies: You have to bind them
to certain domain ('example.com') or set of subdomains ('.example.com').
About a month ago I've created app to bypass this limitation:
- There is one "master" domain, where new session keys are created.
- When user access any of "slave" sites, his browser has to go through
several redirects:
1. First, it's redirected to "master" site. There he gets token
representing current session key.
2. Then it's redirected back to "slave" site, where django sets
appropriate cookie with session key (extracted from token).
3. After then, it's redirected back to original page (on slave site).
Session cookie is set so user can access the same session as on
master site.
- Cookie needs to be set only once. When session (on any site) is
invalid, the other sites will notice that and automatically generates
new session key.
Another solution I've seen was distributing session key through
iframes, but when you have lot of domains, it's easier to do it this
way.
I could share the code, if you were interested. It isn't published
anywhere yet.
Cheers,
Tom
Dne Thu, 1 Aug 2013 06:41:20 -0700 (PDT)
"J. Cliff Dyer" <jcd@sdf.lonestar.org> napsal(a):
> Is there a way to set the SESSION_COOKIE_DOMAIN for multiple domains,
> possibly using the contrib.sites framework?
>
> We deploy on AWS, and when we roll out an update to one of our site, we
> first create a new cloudformation stack, and attach a domain name to it
> like prod-oursite-20130801.devstacks.net.
>
> When we decide it's ready for production, we point www.oursite.com to the
> stack. This causes problems with the SESSION_COOKIE_DOMAIN, as we need to
> have the cookies domain set to .oursite.com if someone is visiting from
> www.oursite.com (or fl.oursite.com, or wa.oursite.com, etc, etc.), but if
> they are visiting from prod-oursite-20130801.devstacks.net, we want to
> either set the SESSION_COOKIE_DOMAIN to
> prod-oursite-20130801.devstacks.net, or unset it altogether, and just use
> the default session domain.
>
> I would love if SESSION_COOKIE_DOMAIN could be set to a dictionary, like
> this:
>
> SESSION_COOKIE_DOMAIN = {
> 'www.oursite.com': '.oursite.com',
> 'prod-oursite-20130801.devstacks.net': '.devstacks.net',
> }
>
> but it doesn't seem like that's possible.
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment