Ah, sorry, I understand now.

You can set up middleware, which modifies SESSION_COOKIE_DOMAIN based
on request.get_host() and put it before session middleware. I did
similar thing to set SITE_ID.

Only think you have to take care of is thread safety. You need to
override settings.SESSION_COOKIE_DOMAIN value with thread safe object,
and assign value to it.

Take a look at:
https://bitbucket.org/uysrc/django-dynamicsites/src/e3c6cad807f0328ed3020d28158b3d6ba0b67025/dynamicsites/middleware.py?at=default
https://bitbucket.org/uysrc/django-dynamicsites/src/e3c6cad807f0328ed3020d28158b3d6ba0b67025/dynamicsites/utils.py?at=default

I took that idea there.


Cheers,
  Tom

Dne Thu, 1 Aug 2013 08:40:18 -0700 (PDT)
"J. Cliff Dyer" <j...@sdf.lonestar.org> napsal(a):

> That doesn't make my use case impossible.  I'm not looking for a session 
> that works on both domains.  I'm looking for a site that can create 
> sessions for either domain.
> 
> On Thursday, August 1, 2013 11:10:59 AM UTC-4, Tomáš Ehrlich wrote:
> >
> > This isn't possible. The problem is with cookies: You have to bind them 
> > to certain domain ('example.com') or set of subdomains ('.example.com'). 
> >
> > About a month ago I've created app to bypass this limitation: 
> >
> > - There is one "master" domain, where new session keys are created. 
> > - When user access any of "slave" sites, his browser has to go through 
> >   several redirects: 
> >     
> >   1. First, it's redirected to "master" site. There he gets token 
> >      representing current session key. 
> >   2. Then it's redirected back to "slave" site, where django sets 
> >      appropriate cookie with session key (extracted from token). 
> >   3. After then, it's redirected back to original page (on slave site). 
> >      Session cookie is set so user can access the same session as on 
> >      master site. 
> >
> > - Cookie needs to be set only once. When session (on any site) is 
> >   invalid, the other sites will notice that and automatically generates 
> >   new session key. 
> >
> > Another solution I've seen was distributing session key through 
> > iframes, but when you have lot of domains, it's easier to do it this 
> > way. 
> >
> > I could share the code, if you were interested. It isn't published 
> > anywhere yet. 
> >
> >
> > Cheers, 
> >   Tom 
> >
> > Dne Thu, 1 Aug 2013 06:41:20 -0700 (PDT) 
> > "J. Cliff Dyer" <j...@sdf.lonestar.org <javascript:>> napsal(a): 
> >
> > > Is there a way to set the SESSION_COOKIE_DOMAIN for multiple domains, 
> > > possibly using the contrib.sites framework? 
> > > 
> > > We deploy on AWS, and when we roll out an update to one of our site, we 
> > > first create a new cloudformation stack, and attach a domain name to it 
> > > like prod-oursite-20130801.devstacks.net. 
> > > 
> > > When we decide it's ready for production, we point www.oursite.com to 
> > the 
> > > stack.  This causes problems with the SESSION_COOKIE_DOMAIN, as we need 
> > to 
> > > have the cookies domain set to .oursite.com if someone is visiting from 
> > > www.oursite.com (or fl.oursite.com, or wa.oursite.com, etc, etc.), but 
> > if 
> > > they are visiting from prod-oursite-20130801.devstacks.net, we want to 
> > > either set the SESSION_COOKIE_DOMAIN to 
> > > prod-oursite-20130801.devstacks.net, or unset it altogether, and just 
> > use 
> > > the default session domain. 
> > > 
> > > I would love if SESSION_COOKIE_DOMAIN could be set to a dictionary, like 
> > > this: 
> > > 
> > >     SESSION_COOKIE_DOMAIN = { 
> > >         'www.oursite.com': '.oursite.com', 
> > >         'prod-oursite-20130801.devstacks.net': '.devstacks.net', 
> > >     } 
> > > 
> > > but it doesn't seem like that's possible. 
> > > 
> > > 
> >
> 

Attachment: signature.asc
Description: PGP signature

Reply via email to