First time here? Check out the FAQ!
1

cookie domain-subdomain

Hi all!
I've deployed askbot on subdomain and I have another django application (blogs) that runs on main domain. Both share the same database, so users are registered and logged in only with askbot.
But now I want users that logged in on subdomain will be "logged in" on main domain automatically, and vice versa of course.
I added SESSION_COOKIE_DOMAIN = 'maindomain.com' to both askbot and blogs, but it doesn't help. What is common solution for this?
P.S. Tow applications are different django instances that everyone in its own virtualenv with own 'settings.py' file. Thanks!

edit:
Configs are same for two sites:

CACHES = {
'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
        'KEY_PREFIX': 'production'
           }
    }
CACHE_MIDDLEWARE_ANONYMOUS_ONLY = True

#SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
SESSION_COOKIE_DOMAIN = '.domain.org'
SESSION_COOKIE_NAME = "sesid"

I've tried various session engines, but seems that problem is not here..

DominiCattus's avatar
105
DominiCattus
updated 2011-07-20 07:29:33 -0600, asked 2011-07-14 03:36:39 -0600
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Please try SESSION_COOKIE_DOMAIN = '.maindomain.com'

(With the leading "dot" before "mydomain")

Does that help?

Evgeny's avatar
13.2k
Evgeny
updated 2011-07-14 03:42:17 -0600, answered 2011-07-14 03:38:16 -0600
edit flag offensive 0 remove flag delete link

Comments

No, doesn't help unfortunately. I see that both sites have cookie ".maindoman.com", share the same session_id, just askbot site have also askbot_csrf cookie, and csrf_token that points to "maindomain.com" without dot. When I log in to one site, the other doesn't detect it.. When I log in with this user on other site also, he is logged out on the first one. Strange...
DominiCattus's avatar DominiCattus (2011-07-15 01:40:42 -0600) edit
The leading dot makes the cookies recognizable across subdomains, so for any cookies you want to work like that - add the dot. Does common login work? If not probably it is because you are not sharing the session data between the sites.
Evgeny's avatar Evgeny (2011-07-15 08:39:47 -0600) edit
You're right. Looks like sessions conflict each with other. Any clue what can cause it? django_session is uniq table in DB that two sites use. Maybe caching sessions settings break the things here..
DominiCattus's avatar DominiCattus (2011-07-20 07:31:27 -0600) edit
I think the two sites are using different sessions, even though you save them all in the same table, I am reading the docs now. But why don't you install both on the same django project - is that impossible?
Evgeny's avatar Evgeny (2011-07-20 13:04:08 -0600) edit
Yeah.. Seems that it will be the final solution for this )) If using askbot as app, that's OK.
DominiCattus's avatar DominiCattus (2011-07-20 19:45:37 -0600) edit
add a comment see more comments