Re: Feature Idea: Allow setting session cookie name dynamically

[Maciek Olko]

Ah, thank you for explaining. I missed the point and the existing setting,
sorry.

Cheers,
Maciej

wt., 7 cze 2022 o 11:26 Florian Apolloner 
napisał(a):

> Hi Maciej,
>
> You can already customize the cookie name via a setting. What this request
> is asking is customization based on the request object which is not that
> common. Did you check that you configured your applications correctly to
> use different cookie names (
> https://docs.djangoproject.com/en/4.0/ref/settings/#session-cookie-name)?
>
> > I wonder if using a Django project code name as part of session cookie
> for new projects would have a potential to be considered as an accepted
> feature.
>
> has not been considered (as far as I know) and is something I'd be
> strongly against.
>
> Cheers,
> Florian
>
> On Monday, June 6, 2022 at 11:51:24 PM UTC+2 macie...@gmail.com wrote:
>
>> Hi Dan and Carlton,
>>
>> In my current company I am impacted by conflicting session cookie name.
>> We have several internal tools built on Django, available in the internal
>> network under the same top-level domain. The scope of session cookies
>> apparently was set on more than one service to a wildcard. Majority of
>> users use only one of services in day-to-day work, so it's not impacting a
>> big number of people.
>>
>> I personally would be +1 for exposing a method to easily and without
>> copying much code one was able to change it.
>>
>> I wonder if using a Django project code name as part of session cookie
>> for new projects would have a potential to be considered as an accepted
>> feature.
>>
>> Kind regards,
>> Maciej
>>
>> pon., 6 cze 2022 o 22:19 Dan Strokirk  napisał(a):
>>
>>> Hi Carlton, thanks for the response.
>>>
>>> An external package might be useful, although the code majority of the
>>> code would be the copied SessionMiddleware code and the tiny changes to
>>> allow a dynamic cookie name, so my thoughts is that this might be "too
>>> small" for a published pypi package?
>>>
>>> But since I haven't found a similar request earlier on this mailing list
>>> or the issue tracker, it seems that it might be really niche, as you say!
>>>
>>> Best regards,
>>> Dan
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django developers (Contributions to Django itself)" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-develop...@googlegroups.com.
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-developers/01a91019-8d54-4322-a295-dbfdc12dfab9n%40googlegroups.com
>>> 
>>> .
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/08a438ff-9d7a-47e0-abe2-d68a7dd20935n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CALYYG80d1ngzzxCOJs3-M494BGLssVGRMgmQEUWopFGeXXghoQ%40mail.gmail.com.

Re: Feature Idea: Allow setting session cookie name dynamically

[Florian Apolloner]

Hi Maciej,

You can already customize the cookie name via a setting. What this request 
is asking is customization based on the request object which is not that 
common. Did you check that you configured your applications correctly to 
use different cookie names 
(https://docs.djangoproject.com/en/4.0/ref/settings/#session-cookie-name)?

> I wonder if using a Django project code name as part of session cookie 
for new projects would have a potential to be considered as an accepted 
feature.

has not been considered (as far as I know) and is something I'd be strongly 
against.

Cheers,
Florian

On Monday, June 6, 2022 at 11:51:24 PM UTC+2 macie...@gmail.com wrote:

> Hi Dan and Carlton,
>
> In my current company I am impacted by conflicting session cookie name. We 
> have several internal tools built on Django, available in the internal 
> network under the same top-level domain. The scope of session cookies 
> apparently was set on more than one service to a wildcard. Majority of 
> users use only one of services in day-to-day work, so it's not impacting a 
> big number of people.
>
> I personally would be +1 for exposing a method to easily and without 
> copying much code one was able to change it.
>
> I wonder if using a Django project code name as part of session cookie for 
> new projects would have a potential to be considered as an accepted feature.
>
> Kind regards,
> Maciej
>
> pon., 6 cze 2022 o 22:19 Dan Strokirk  napisał(a):
>
>> Hi Carlton, thanks for the response.
>>
>> An external package might be useful, although the code majority of the 
>> code would be the copied SessionMiddleware code and the tiny changes to 
>> allow a dynamic cookie name, so my thoughts is that this might be "too 
>> small" for a published pypi package?
>>
>> But since I haven't found a similar request earlier on this mailing list 
>> or the issue tracker, it seems that it might be really niche, as you say!
>>
>> Best regards,
>> Dan
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django developers (Contributions to Django itself)" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-develop...@googlegroups.com.
>>
> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-developers/01a91019-8d54-4322-a295-dbfdc12dfab9n%40googlegroups.com
>>  
>> 
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/08a438ff-9d7a-47e0-abe2-d68a7dd20935n%40googlegroups.com.

Re: Feature Idea: Allow setting session cookie name dynamically

[Maciek Olko]

Hi Dan and Carlton,

In my current company I am impacted by conflicting session cookie name. We
have several internal tools built on Django, available in the internal
network under the same top-level domain. The scope of session cookies
apparently was set on more than one service to a wildcard. Majority of
users use only one of services in day-to-day work, so it's not impacting a
big number of people.

I personally would be +1 for exposing a method to easily and without
copying much code one was able to change it.

I wonder if using a Django project code name as part of session cookie for
new projects would have a potential to be considered as an accepted feature.

Kind regards,
Maciej

pon., 6 cze 2022 o 22:19 Dan Strokirk  napisał(a):

> Hi Carlton, thanks for the response.
>
> An external package might be useful, although the code majority of the
> code would be the copied SessionMiddleware code and the tiny changes to
> allow a dynamic cookie name, so my thoughts is that this might be "too
> small" for a published pypi package?
>
> But since I haven't found a similar request earlier on this mailing list
> or the issue tracker, it seems that it might be really niche, as you say!
>
> Best regards,
> Dan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/01a91019-8d54-4322-a295-dbfdc12dfab9n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CALYYG81HK-M2erdz4j5Jtp3h8J3vOaPj-qvE7rMPFRNiqKY1uA%40mail.gmail.com.

Re: Feature Idea: Allow setting session cookie name dynamically

[Dan Strokirk]

Hi Carlton, thanks for the response.

An external package might be useful, although the code majority of the code 
would be the copied SessionMiddleware code and the tiny changes to allow a 
dynamic cookie name, so my thoughts is that this might be "too small" for a 
published pypi package?

But since I haven't found a similar request earlier on this mailing list or 
the issue tracker, it seems that it might be really niche, as you say!

Best regards,
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/01a91019-8d54-4322-a295-dbfdc12dfab9n%40googlegroups.com.

Re: Feature Idea: Allow setting session cookie name dynamically

[Carlton Gibson]

Hey Dan.

Thanks for following up here.

Just to recap, my reasoning on the ticket was that it's quite a niche
use-case. For me, just use the custom SessionMiddleware, or put that in a
third-party package for multi-tenancy folks to maintain together. (Or so
would be my opening thought... -- interested to see others' thoughts.)

Kind regards,
Carlton

Aside: Searching, there are lots of disparate resources for multi-tenant
deploys; slightly orthogonal to your exact suggestion here, I imagine
there's good work to be done corralling the interested parties and
patterns. Maybe one of the existing resources already does this... 樂




On Thu, 2 Jun 2022 at 14:47, Dan Strokirk  wrote:

> Hi,
>
> Currently it's only possible to use a single session cookie, but it can be
> useful in a multi-tenant application to use multiple session cookies. To
> solve this we currently use our own, slightly modified SessionMiddleware
> class that we keep in sync with the official implementation and re-apply
> the patch during each Django upgrade.
>
>
> Proposal: Adding a new get_cookie_name or get_cookie_params method to
> the SessionMiddleware class might be one way to implement this, which means
> that you can then then use your own subclassed middleware to easily
> override it. It would take the request and response objects as arguments.
>
> If this seems like a reasonable feature to add I'd be glad to supply a
> patch.
>
> (I've previously submitted a WONTFIX ticket for this, perhaps a little
> over-eager :) https://code.djangoproject.com/ticket/33760)
>
> Best regards,
> Dan
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/879fbda1-c8f6-4995-a3d0-7b2cbe5bc282n%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/CAJwKpyROabEZPD2N%2BgQfJxGWh4TW%2BiZe1w5O0P8C4aKdS9nHwA%40mail.gmail.com.

Feature Idea: Allow setting session cookie name dynamically

[Dan Strokirk]

Hi,

Currently it's only possible to use a single session cookie, but it can be 
useful in a multi-tenant application to use multiple session cookies. To 
solve this we currently use our own, slightly modified SessionMiddleware 
class that we keep in sync with the official implementation and re-apply 
the patch during each Django upgrade.


Proposal: Adding a new get_cookie_name or get_cookie_params method to 
the SessionMiddleware class might be one way to implement this, which means 
that you can then then use your own subclassed middleware to easily 
override it. It would take the request and response objects as arguments.

If this seems like a reasonable feature to add I'd be glad to supply a 
patch.

(I've previously submitted a WONTFIX ticket for this, perhaps a little 
over-eager :) https://code.djangoproject.com/ticket/33760)

Best regards,
Dan

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/879fbda1-c8f6-4995-a3d0-7b2cbe5bc282n%40googlegroups.com.