Hi Mike,
On Fri, Sep 30, 2016 at 06:00:30AM -0700, Stodge wrote:
> Thanks Michal,
>
> The two servers are on the same domain and use different databases. At the
> moment I'm using the default Django session backend.
>
> It's an experiment, nothing more really. I just wanted to see if I could
> make it work. I haven't really worked out the flow, but it's probably
> something like:
>
> - admin creates user account on A1, auto replicates it to S1
> - user U1 visits S1, not logged in
> - U1 redirected to A1 to generate auth token, not logged in
> - U1 logs into A1
> - U1 redirected back to S1 to accept authentication
> - S1 logs U1 in, creates session as normal
>
> So the user is logged into both. It's a fairly naive attempt at reinventing
> the wheel, but that's how we learn, right? :)
Sounds all right, at least from a higher-level point of view. So
basically, those two services are pretty much separate, just sharing a
domain. In this case, your problem should go away if you set a unique
SESSION_COOKIE_NAME for each of those sites.
It might be a different situation if those two sites were using a
shared database; then, the same session ID would be valid for both,
but since that's not the case here, they need to be separate.
Cheers,
Michal
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/20160930132620.GZ6601%40koniiiik.org.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment