On Mon, 2009-08-03 at 17:51 +0100, Chris McCormick wrote:
> Hi All,
>
> I have a strange issue happening with domain cookies. On the site I'm working
> on we previously didn't have SESSION_COOKIE_DOMAIN set and so the cookie
> defaulted to "Host: mysite.com". We have a bunch of users logged in with that
> cookie set. Then we decided we wanted to share the cookie with our subdomains
> and so we changed SESSION_COOKIE_DOMAIN to be ".mysite.com" which seemed to
> work at first. We are now getting a weird issue which I have narrowed down to
> users having two of the same sessionid cookie set, but one has
> "Host: mysite.com" and one has "Domain: .mysite.com" which seems to be
> confusing Django. The "confusing Django" behaviour I am experiencing is that
> when the user logs in, the cookie seems to switch to use the one I don't want
> and won't log them in. E.g. on the Django side the login seems to work, but
> the user just gets a logged out screen. Does anyone have any tips on what
> Django is doing internally, and how I can fix this issue? Oh yeah, in some of
> my views I am doing request.session.set_expiry(distant_future()) - is there a
> chance this could be messing with the login process? I have stopped the
> weirdness by unsetting SESSION_COOKIE_DOMAIN, so people can log in again
> successfully now, but I'd really like to be able to use the wildcard
> subdomain thing.

Python's Cookie module doesn't handle multiple cookies of the same name very
well, so there might be something going on there. But I'm not going to spend
too much time thinking about this, since there's an easy solution: In addition
to changing the cookie domain, change the session cookie's name. That way you
will no longer be looking for the old cookie at all (Django won't care about
it) and you can just work with the new name that will only exist with one
domain setting.

Everybody will appear to be logged out the next time they use the site, but
that shouldn't be too onerous.

Regards,
Malcolm
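
An added example, not part of the original thread or of Django's code: it shows what the server sees when a browser holds both the old host-only cookie and the new domain cookie, and why renaming the session cookie removes the ambiguity. The header strings and the name `site_sessionid` are constructed for illustration, and the standard-library `http.cookies` module (Python 3's name for the Cookie module) stands in for the parser.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed Cookie request headers. The request header carries only
# name=value pairs; the Domain attribute is never sent back, so the server
# cannot tell the host-only cookie from the ".mysite.com" one.
OLD_HEADER = "sessionid=old-host-only-value; csrftoken=abc; sessionid=new-domain-value"
# After also setting SESSION_COOKIE_NAME = "site_sessionid" (hypothetical name):
NEW_HEADER = "sessionid=old-host-only-value; csrftoken=abc; site_sessionid=new-domain-value"


def cookie_values(header):
    """Return {name: [values, ...]} for a raw Cookie header, keeping duplicates."""
    seen = defaultdict(list)
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            seen[name].append(value)
    return dict(seen)


def ambiguous_cookies(header):
    """Names that arrive more than once with differing values."""
    return {n: v for n, v in cookie_values(header).items() if len(set(v)) > 1}


def stdlib_view(header, name):
    """Value the stdlib parser keeps for `name`: one value, the rest are dropped."""
    jar = SimpleCookie()
    jar.load(header)
    return jar[name].value if name in jar else None


if __name__ == "__main__":
    for label, header, name in (
        ("same name", OLD_HEADER, "sessionid"),
        ("renamed", NEW_HEADER, "site_sessionid"),
    ):
        print(label, "ambiguous:", ambiguous_cookies(header))
        print(label, "parser keeps:", stdlib_view(header, name))
```

Logging `ambiguous_cookies()` on the raw header in a middleware is a quick way to confirm that affected users really are sending two `sessionid` values before and after the rename.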