On Wednesday, May 16, 2012 3:36:15 PM UTC-4, Iain Duncan wrote:
>
> Hey folks, we have a pyramid app that responds to multiple subdomains and
> routes accordingly, with the account being chosen based on the subdomain
> but all code running through the same engine
>
> http://iain.cloudapp.com -> app knows to return Iain's data
> http://snufkin.cloudapp.com -> app knows to use snufkin's data
>
> Accounts can allow access to other accounts if the user has been given
> that privilege. I.e., Iain should be able to login, work on
> iain.cloudapp.com, and switch to glyn.cloudapp.com if he's allowed, but
> *without* having to login again. Iain should be able to login by either
> going to www.cloudapp.com or iain.cloudapp.com.
>
> We're using the default pyramid authentication system, and as it is out of
> the box, if I switch subdomains I'm not treated as logged in. Can anyone
> point me in the right direction for making the auth system consider all
> subdomains of cloudapp.com act like the same domain?
>
> thanks!
> Iain
>

Pyramid's auth ticket implementation sets the auth cookie on *.example.com and example.com.
In order for it to work across subdomains, it must also set the auth cookie on .example.com (notice the leading dot). I had to create a custom authentication policy to do this. There is a closed pull request that outlines the required changes; see the pylons-devel thread about it at https://groups.google.com/forum/?fromgroups#!topic/pylons-devel/Z8sUxc9QOaM

-- Jason
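
The cookie scoping behind this answer, as an added example that is not part of the original message or of Pyramid's code: it applies RFC 6265 domain matching to show which hosts receive a cookie for a given Domain attribute, then builds a Set-Cookie value scoped to the parent domain. The helper names, the host list and the ticket value are constructed for illustration, and only the Python standard library is used.

```python
from http.cookies import SimpleCookie

# Constructed request hosts, modelled on the names used in the thread.
HOSTS = ["iain.cloudapp.com", "glyn.cloudapp.com", "www.cloudapp.com",
         "cloudapp.com", "notcloudapp.com"]

def parent_domain(host):
    """Drop the port and the left-most label: 'iain.cloudapp.com' -> 'cloudapp.com'.

    Naive on purpose: no public-suffix handling, so it is only valid for a
    deployment whose account hosts sit exactly one label below the site domain.
    """
    labels = host.split(":", 1)[0].lower().split(".")
    return ".".join(labels[1:]) if len(labels) > 2 else ".".join(labels)

def domain_match(request_host, cookie_domain):
    """RFC 6265 section 5.1.3 domain matching; a leading dot is ignored."""
    request_host = request_host.lower()
    cookie_domain = cookie_domain.lstrip(".").lower()
    return (request_host == cookie_domain
            or request_host.endswith("." + cookie_domain))

def hosts_receiving(cookie_domain, hosts=HOSTS):
    """Hosts to which a browser would send a cookie with this Domain attribute."""
    return [h for h in hosts if domain_match(h, cookie_domain)]

def auth_cookie_header(name, ticket, request_host):
    """Set-Cookie value scoped to the parent domain of the host being served."""
    cookie = SimpleCookie()
    cookie[name] = ticket
    cookie[name]["domain"] = parent_domain(request_host)
    cookie[name]["path"] = "/"
    cookie[name]["httponly"] = True   # keep the ticket away from page scripts
    cookie[name]["secure"] = True     # assumption: the site is served over HTTPS
    return cookie[name].OutputString()

if __name__ == "__main__":
    print(hosts_receiving("iain.cloudapp.com"))   # cookie scoped to one account host
    print(hosts_receiving(".cloudapp.com"))       # cookie scoped to the parent domain
    print(auth_cookie_header("auth_tkt", "CONSTRUCTEDTICKET", "iain.cloudapp.com:6543"))
```

Widening the Domain attribute means every host under cloudapp.com receives the auth ticket, so each of them has to be trusted with it. Pyramid's `AuthTktAuthenticationPolicy` has since gained `parent_domain` and `domain` arguments for this purpose.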
