I have two web2py apps, and I want the user to log in to one app and stay 
logged in when accessing the second app. The apps are called *demo* and 
*demo_panel*.
Also I'm using a *custom login method* (that is, custom HTML with 
JavaScript and handling the controller/function). 
In addition, I'm *serving each app through a different domain* (using 
routes.py). This part works perfectly.

In this scenario, I'm having trouble sharing the session between those two 
apps. Actually, I have partially achieved all this, except for one problem: 
*when the session expires according to auth.settings.expiration, on Firefox 
I can't log in anymore until I delete the cookies*.

So, I'll go through it in parts with what I have, and if someone sees 
something ugly or incorrect, I would really appreciate it if you pointed 
it out :)


First, this is the section of the custom controller function that handles 
the login. 
It works ok on Firefox, Chrome, mobile, etc. Don't know if it's the correct 
way to do it, but it works for me:

# ... after receiving email and password via post vars and checking both are present
usuario = db(db.auth_user.email == request.post_vars.email).select().first()
if not usuario:
    return response.json({'success': False, 'mensaje': 'Email incorrecto'})
elif usuario.registration_key:
    return response.json({'success': False, 'mensaje': 'Registro pendiente de confirmar'})
else:
    usuario = auth.login_bare(request.post_vars.email, request.post_vars.password)
    if not usuario:
        return response.json({'success': False, 'mensaje': 'Datos de ingreso incorrectos'})
    else:
        session.auth.expiration = auth.settings.expiration
        if request.post_vars.remember_me:
            session.auth.expiration = auth.settings.long_expiration
            session.auth.remember_me = True
            response.cookies[response.session_id_name]["expires"] = session.auth.expiration
        return response.json({'success': True})


According to the book, in order to share sessions between apps, I do this 
in both apps' models/db.py:
#both apps connect to the same database
db = DAL(\
 'postgres://%s:%s@%s/%s' %(DB_USER, DB_PASSWORD, DB_HOST, DB_NAME), \
 folder = DATABASES_FOLDER) 

# and then connect to session
session.connect(request, response, db=db, masterapp='demo')


In addition, I'm *serving each app through a different domain* (using 
routes.py) so apps are served this way:
demo --> served by domain dev.demo
demo_panel --> served by domain panel.dev.demo

From this we can deduce that the browser will handle two cookies, one per 
domain (I've been inspecting the cookies created with Firefox and Chrome, 
and it's that way).
So, masterapp='demo' wasn't enough. *After logging in to demo_panel, the 
session wasn't shared when accessing the demo app through the dev.demo 
domain*.
I'm not sure about the technical background of this, but I think it's 
correct, considering that each app is served through a different domain, so 
the browser handles them as that: different domains. 


However, I had partially resolved the problem, modifying models/db.py like 
this:

# connecting to session stays the same as before..
session.connect(request, response, db=db, masterapp='demo')

# and these new lines
if response.cookies.has_key(response.session_id_name):
    response.cookies[response.session_id_name]['domain'] = 'dev.demo'


Ok, don't ask me why I added those lines, I don't remember how I got there. 
But that got it working. I can log in on the panel.dev.demo domain 
(demo_panel app), and then I can go to dev.demo (demo app) and I'm still 
logged in.

The only problem is with Firefox when the session expires according to 
auth.session.expire. 
After that, the first portion of code posted here (the one that handles the 
custom login) runs ok, no errors, returns success=True, but when the user 
is redirected to the requested URI, they are asked to log in again. That 
is, the user can't log in anymore until I delete the browser cookies. This 
happens only on Firefox.

What could be the problem? Is there something wrong with my custom login? 
Or a bug handling sessions in Firefox? Thanks in advance!
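
The following is an added example, not part of the original post and not web2py code: a minimal model of RFC 6265 cookie scoping that shows which stored session cookies a browser would send to dev.demo and panel.dev.demo with and without the 'domain' attribute. It assumes every cookie has Path=/, ignores expiry and public-suffix checks, and uses a constructed cookie name (session_id_demo) and constructed values.

```python
# Added example: RFC 6265 cookie scoping for the two hosts named in the post.
# Assumptions: hostnames only, every cookie has Path=/, no expiry handling,
# no public-suffix check. The cookie name and values are constructed.
from collections import namedtuple

Cookie = namedtuple("Cookie", "name value domain host_only")


def domain_match(host, domain):
    """RFC 6265 5.1.3: same host, or host is a subdomain of `domain`."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


class Jar(object):
    def __init__(self):
        self.store = {}  # keyed by (name, domain): one name can be stored twice

    def set_cookie(self, request_host, name, value, domain_attr=None):
        """Store a Set-Cookie from `request_host`; return False if rejected."""
        if domain_attr:
            # A leading dot in the Domain attribute is ignored.
            domain, host_only = domain_attr.lstrip(".").lower(), False
            if not domain_match(request_host, domain):
                return False  # request host must domain-match the attribute
        else:
            domain, host_only = request_host.lower(), True
        self.store[(name, domain)] = Cookie(name, value, domain, host_only)
        return True

    def cookies_for(self, host):
        """Values of the cookies a browser would attach to a request to `host`."""
        host = host.lower()
        return sorted(c.value for c in self.store.values()
                      if (host == c.domain if c.host_only
                          else domain_match(host, c.domain)))


def scenario():
    jar = Jar()
    name = "session_id_demo"  # assumed session cookie name
    # models/db.py without the 'domain' lines: host-only cookie from demo_panel
    jar.set_cookie("panel.dev.demo", name, "host-only")
    before = jar.cookies_for("dev.demo")
    # models/db.py with cookies[...]['domain'] = 'dev.demo'
    jar.set_cookie("panel.dev.demo", name, "domain-wide", domain_attr="dev.demo")
    return before, jar.cookies_for("dev.demo"), jar.cookies_for("panel.dev.demo")


if __name__ == "__main__":
    print(scenario())
```

A cookie set with Domain=dev.demo is sent to every host under dev.demo, and it does not replace a host-only cookie of the same name that the browser already stored for panel.dev.demo, so both can appear in the same request.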
