Thursday, September 29, 2016

Visiting one Django server logs me out of another Django server, both behind the same proxy

I have two Django servers A1 and S1, which sit behind a simplistic NodeJS proxy. This is a silly attempt at single sign-on.

I can log into and out of A1 (authentication server) just fine. If I log into A1, visit S1 (without being logged in to S1) and then revisit A1, I am no longer logged in. The S1 server doesn't set a new session ID in the cookie and I don't think from memory that the CSRF changes. The session ID cookie hasn't changed, the domain is the same, etc.

I can't work out why I'm no longer logged into A1. I know this isn't much to go on but I'm assuming something is happening to the cookies set by S1 when I visit it. Any suggestions appreciated.

