Re: Changing domain cookie
On Tue, Aug 04, 2009 at 09:14:42AM +1000, Malcolm Tredinnick wrote: > > On Mon, 2009-08-03 at 17:51 +0100, Chris McCormick wrote: > > I have a strange issue happening with domain cookies. On the site I'm > > working > > Python's Cookie module doesn't handle multiple cookies of the same name > very well, so there might be something going on there. But I'm not going > to spend too much time thinking about this, since there's an easy > solution: In addition to changing the cookie domain, change the session > cookie's name. That way you will no longer be looking for the old cookie > at all (Django won't care about it) and you can just work with the new > name that will only exist with one domain setting. Everybody will appear > to be logged out the next time they use the site, but that shouldn't be > too onerous. Great, thanks for the advice, Malcolm, I think this should work for our use-case. We're pretty keen to not log existing users out since we have a weird "anonymous user" thing happening, which are actually real users who are automatically logged in. I will have to come up with some way of copying their old session cookie to the newly named one, but at least having a differently named one will mean I can tell them apart. Best, Chris. --- http://mccormick.cx --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Re: Changing domain cookie
On Mon, 2009-08-03 at 17:51 +0100, Chris McCormick wrote: > Hi All, > > I have a strange issue happening with domain cookies. On the site I'm working > on we previously didn't have SESSION_COOKIE_DOMAIN set and so the cookie > defaulted to "Host: mysite.com" We have a bunch of users logged in with that > cookie set. Then we decided we wanted to share the cookie with our subdomains > and so we change SESSION_COOKIE_DOMAIN to be ".mysite.com" which seemed to > work > at first. We are now getting a weird issue which I have narrowed down to users > having two of the same sessionid cookie set, but one has "Host: mysite.com" > and > one has "Domain: .mysite.com" which seems to be confusing Django. The > "confusing Django" behaviour I am experiencing is that when the user logs in, > the cookie seems to switch to use the one I don't want and won't log them in. > E.g. on the Django side the login seems to work, but the user just gets a > logged out screen. Does anyone have any tips on what Django is doing > internally, and how I can fix this issue? Oh yeah, in some of my views I am > doing request.session.set_expiry(distant_future()) - is there a chance this > could be messing with the login process? I have stopped the weirdness by > unsetting SESSION_COOKIE_DOMAIN, so people can log in again successfully now, > but I'd really like to be able to use the wildcard subdomain thing. Python's Cookie module doesn't handle multiple cookies of the same name very well, so there might be something going on there. But I'm not going to spend too much time thinking about this, since there's an easy solution: In addition to changing the cookie domain, change the session cookie's name. That way you will no longer be looking for the old cookie at all (Django won't care about it) and you can just work with the new name that will only exist with one domain setting. Everybody will appear to be logged out the next time they use the site, but that shouldn't be too onerous. Regards, Malcolm --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
Changing domain cookie
Hi All, I have a strange issue happening with domain cookies. On the site I'm working on we previously didn't have SESSION_COOKIE_DOMAIN set and so the cookie defaulted to "Host: mysite.com" We have a bunch of users logged in with that cookie set. Then we decided we wanted to share the cookie with our subdomains and so we change SESSION_COOKIE_DOMAIN to be ".mysite.com" which seemed to work at first. We are now getting a weird issue which I have narrowed down to users having two of the same sessionid cookie set, but one has "Host: mysite.com" and one has "Domain: .mysite.com" which seems to be confusing Django. The "confusing Django" behaviour I am experiencing is that when the user logs in, the cookie seems to switch to use the one I don't want and won't log them in. E.g. on the Django side the login seems to work, but the user just gets a logged out screen. Does anyone have any tips on what Django is doing internally, and how I can fix this issue? Oh yeah, in some of my views I am doing request.session.set_expiry(distant_future()) - is there a chance this could be messing with the login process? I have stopped the weirdness by unsetting SESSION_COOKIE_DOMAIN, so people can log in again successfully now, but I'd really like to be able to use the wildcard subdomain thing. Best, Chris. --- http://mccormick.cx --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~--~~~~--~~--~--~---
