Thank you both for your answers.

I'm not sure if I only need to share the login or the session too. I will 
need to read more about CAS to be sure.
I don't store data at session level (I mean, data that I would then 
retrieve between the two different domains).
But I do need the user to log in through one app (on a subdomain), and then 
stay logged in when browsing the main domain and subdomain.

The code I posted before is working. I understand maybe it's not the best 
practice, as Niphlod pointed out.
However, should I be concerned about security if I keep doing it that way?
At least for the time it takes me to implement the proper way.



On Tuesday, May 31, 2016, 12:12:04 (UTC-3), Anthony wrote:
>
> Do you really need to share the session, or do you just need to share the 
> login (i.e., single sign-on)? If the latter, how about using CAS 
> <http://web2py.com/books/default/chapter/29/09/access-control#Central-Authentication-Service>
> instead?
>
> Anthony
>
> On Tuesday, May 31, 2016 at 8:46:45 AM UTC-4, Lisandro wrote:
>>
>> I have *two web2py apps that share the same db, and they also share the 
>> session*.
>> Both *apps are served through different domains* (using routes.py).
>> That means that *the user logs in one domain* (through one of the apps), 
>> *and then can navigate through both domains* (that is, both apps) being 
>> logged in.
>>
>> I've achieved that with this code in models/db.py:
>>
>> db = DAL(...)
>>
>> session.connect(request, response, db=db, masterapp='primary')
>>
>> if response.session_id_name in response.cookies:
>>     response.cookies[response.session_id_name]['domain'] = 'primarydomain.com'
>>
>> *Apps are called "primary" and "secondary", the domains are 
>> "primarydomain.com" and "secondarydomain.com", and the login is done 
>> through secondary app.*
>>
>>
>> *Please notice the last two lines of code.* I had to add those two lines 
>> in order for it to work. 
>> It wasn't enough setting masterapp='primary', the session wasn't shared 
>> through apps (and both domains), so then I managed to make that fix.
>> However, *I'm not so sure if that's the correct way of doing it.* 
>> The reason I'm not sure is because sometimes (very few times), the 
>> browser gets stuck asking for login. 
>> I cannot reproduce the problem, but on some rare occasions, the user 
>> cannot login anymore (the browser keeps asking email and password, and the 
>> user needs to delete all cookies in order to login again).
>>
>> If you consider that isn't the proper way of doing it, I will appreciate 
>> any suggestion or comment.
>> Thanks as always!
>>
>> Regards, 
>> Lisandro.
>>
>
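
Added example (not part of the original thread and not web2py code): a simplified model of RFC 6265 cookie scoping, showing which hosts receive a session cookie once its Domain is set as in the quoted db.py lines. The host names, cookie name and values are constructed; Path, Secure and expiry handling are omitted.

```python
# Simplified RFC 6265 cookie scoping; Path, Secure and expiry are ignored.
# Host names, cookie name and values below are constructed for illustration.

def domain_match(host, cookie_domain):
    """True if host equals cookie_domain or is a subdomain of it."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip('.')
    return host == cookie_domain or host.endswith('.' + cookie_domain)


class Jar(object):
    """Browser-like store: cookies are keyed by (name, domain, host_only)."""

    def __init__(self):
        self.cookies = {}

    def set_cookie(self, request_host, name, value, domain=None):
        if domain is None:
            key = (name, request_host.lower(), True)   # host-only cookie
        elif domain_match(request_host, domain):
            key = (name, domain.lower().lstrip('.'), False)
        else:
            return False   # Domain does not cover the setting host: rejected
        self.cookies[key] = value
        return True

    def cookies_for(self, host):
        """Values of the cookies a browser would send to host."""
        host = host.lower()
        return [value for (name, dom, host_only), value in sorted(self.cookies.items())
                if (host == dom if host_only else domain_match(host, dom))]


def demo():
    jar, name = Jar(), 'session_id_primary'
    # Cookie issued without a Domain attribute (scoped to the exact host).
    jar.set_cookie('app.primarydomain.com', name, 'host-only')
    # Cookie issued with Domain=primarydomain.com, as in the db.py snippet.
    jar.set_cookie('app.primarydomain.com', name, 'domain-wide', 'primarydomain.com')
    return {
        # Both entries coexist and both are sent back to the issuing host.
        'issuing_host': jar.cookies_for('app.primarydomain.com'),
        # The parent domain and every other subdomain get the domain-wide one.
        'parent': jar.cookies_for('primarydomain.com'),
        'sibling': jar.cookies_for('other.primarydomain.com'),
        # A host outside primarydomain.com cannot set a cookie for it.
        'foreign_set': jar.set_cookie('secondarydomain.com', name, 'x', 'primarydomain.com'),
    }
```

The `sibling` result is the security-relevant one: a domain-wide session cookie is delivered to every host under primarydomain.com, so each of those hosts has to be trusted with the session.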
