Hi Niphlod, thanks for your answer. I've realised that my example has an important error. Let's forget about *secondarydomain.com, **there is one only domain, and a subdomain*. This may change a little the considerations. *The user logs in through panel.customdomain.com, and then navigates through both domains **customdomain**.com and panel.**customdomain**.com*.
This method is working ok, and it's been working for a long time. I guess this line is doing the trick: response.cookies[response.session_id_name]['domain'] = 'customdomain.com' Then, for example, from within the views of *customdomain.com*, I can succesfully make ajax calls to *panel.customdomain.com,* that is: calls to URLs that need login. And everything work ok that way. Is this still consider a bad practice? Or is it ok because it's the same domain? I understand this is not web2py specific. I appreciate your time. Now I will take a look into CORS, and make some tests. Regards, Lisandro. El martes, 31 de mayo de 2016, 10:12:24 (UTC-3), Niphlod escribió: > > afaik cookies can't be sent to multiple domains. CORS is needed. IMHO it's > correct that web2py doesn't provide a way to support that. > > On Tuesday, May 31, 2016 at 2:46:45 PM UTC+2, Lisandro wrote: >> >> I have *two web2py apps that share the same db, and they also share the >> session*. >> Both *apps are served through different domains* (using routes.py). >> That means that *the user logs in one domain* (through one of the apps), >> *and >> then can navigate through both domains* (that is, both apps) being >> logged in. >> >> I've achieved that with this code in models/db.py: >> >> db = DAL(...) >> >> session.connect(request, response, db=db, masterapp='primary') >> >> if response.session_id_name in response.cookies: >> response.cookies[response.session_id_name]['domain'] = ' >> primarydomain.com' >> >> *Apps are called "primary" and "secondary", the domains are >> "primarydomain.com <http://primarydomain.com>" and "secondarydomain.com >> <http://secondarydomain.com>", and the login is done through secondary app.* >> >> >> *Please notice the last two lines of code.* I had to add those two lines >> in order for it to work. >> It wasn't enough setting masterapp='primary', the session wasn't shared >> through apps (and both domains), so then I managed to make that fix. >> However, *I'm not so sure if that's the correct way of doing it.* >> The reason I'm not sure is because some times (very few times), the >> browser gets stuck asking for login. >> I cannot reproduce the problem, but in some rare ocasions, the user >> cannot login anymore (the browser keeps asking email and password, and the >> user needs to delete all cookies in order to login again). >> >> If you consider that isn't the proper way of doing it, I will appreciate >> any suggestion or comment. >> Thanks as always! >> >> Regards, >> Lisandro. >> > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
