Friday, September 30, 2016

Re: Visiting one Django server logs me out of another Django server, both behind the same proxy

On Thu, Sep 29, 2016 at 01:50:22PM -0700, Stodge wrote:
> I have two Django servers A1 and S1, which sit behind a simplistic
> NodeJS proxy. This is a silly attempt at single sign on.
>
> I can log into and out of A1 (authentication server) just fine. If I
> log into A1, visit S1 (without being logged in to S1) and then
> revisit A1, I am no longer logged in. The S1 server doesn't set a
> new session ID in the cookie and I don't think from memory that the
> CSRF changes. The session ID cookie hasn't changed, the domain is
> the same etc.
>
> I can't work out why I'm no longer logged into A1. I know this isn't
> much to go on but I'm assuming something is happening to the cookies
> set by S1 when I visit it. Any suggestions appreciated.

Are those two applications sitting on the same domain? If yes, then
you should probably configure them to use different session cookies.
Logging in or out causes the session to be reset, and if they try to
use the same session cookie, resetting for either application will
reset it for both.

It's hard to give you any more specific advice, because there are many
ways to go about implementing SSO, some of which would be affected by
this.

You might want to share some more information, such as:

- Are those two applications sharing one database?
- What session backend are you using?
- Are they on the same domain? (this one I've already asked above)
- Could you describe the SSO flow in a bit more detail?

Cheers,

Michal
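To make the cookie-collision mechanism Michal describes concrete, here is an added model (not code from the thread or from Django itself) of the two apps A1 and S1 behind one proxy on one domain, each with its own session store but sharing the browser's cookie jar. The `App`, `SessionStore` and `visit_sequence` names are invented for the illustration; the cookie names `a1_sessionid` and `s1_sessionid` are assumed values for Django's real `SESSION_COOKIE_NAME` setting. The model also assumes Django's `SessionMiddleware` behaviour of discarding a session cookie whose key its own backend does not recognise, which goes beyond what the thread states but is what makes the "visit S1, lose A1" sequence reproducible.

```python
"""Model of two Django-style apps behind one proxy, sharing a browser cookie jar.

Assumption: like Django's SessionMiddleware, an app that receives a session
cookie it cannot map to a session in its own store treats the session as
empty and removes that cookie on the response.  Because both apps sit on the
same domain, that removal also discards the other app's login.
"""
import secrets


class SessionStore:
    """One per app, standing in for a separate Django session backend."""

    def __init__(self):
        self._sessions = {}

    def create(self, data):
        key = secrets.token_hex(16)
        self._sessions[key] = dict(data)
        return key

    def load(self, key):
        return self._sessions.get(key)  # None when this store never issued the key

    def delete(self, key):
        self._sessions.pop(key, None)


class App:
    """Minimal stand-in for one Django app with its own SESSION_COOKIE_NAME."""

    def __init__(self, name, cookie_name="sessionid"):  # "sessionid" is Django's default
        self.name = name
        self.cookie_name = cookie_name
        self.store = SessionStore()

    def request(self, jar, action=None, user=None):
        """Handle one request; `jar` is the browser's cookie dict for the shared domain.

        Returns the user the app considers logged in after this request, or None.
        """
        key = jar.get(self.cookie_name)
        session = self.store.load(key) if key else None
        if action == "login":
            # login resets the session: old key discarded, new key issued and set as cookie
            if key:
                self.store.delete(key)
            jar[self.cookie_name] = self.store.create({"user": user})
            return user
        if action == "logout":
            if key:
                self.store.delete(key)
            jar.pop(self.cookie_name, None)
            return None
        if session is None:
            # Assumed middleware behaviour: a cookie that maps to no known session
            # is dropped, which on a shared domain also drops the other app's cookie.
            if key is not None:
                jar.pop(self.cookie_name, None)
            return None
        return session.get("user")


def visit_sequence(a1, s1):
    """Stodge's sequence: log in to A1, visit S1 without logging in, revisit A1."""
    jar = {}  # constructed: an empty browser cookie jar for the shared domain
    a1.request(jar, action="login", user="stodge")
    s1.request(jar)
    return a1.request(jar)


def shared_cookie_name():
    """Both apps use Django's default cookie name: A1's login does not survive S1."""
    return visit_sequence(App("A1"), App("S1"))


def distinct_cookie_names():
    """Each app has its own SESSION_COOKIE_NAME: A1's login is untouched by S1."""
    return visit_sequence(App("A1", "a1_sessionid"), App("S1", "s1_sessionid"))


if __name__ == "__main__":
    print("shared name, user on A1 after visiting S1:", shared_cookie_name())
    print("distinct names, user on A1 after visiting S1:", distinct_cookie_names())
```

The fix the model points at is the one in the reply above: give each app its own `SESSION_COOKIE_NAME` in its `settings.py` (and, since both apps also write a `csrftoken` cookie on the same domain, a distinct `CSRF_COOKIE_NAME` as well) so that neither app ever reads or clears the other's cookie. Sharing one cookie only works if both apps also share the same session backend and database, which is a separate design decision from the one this thread describes.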

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20160930082844.GX6601%40koniiiik.org.
