On Monday, December 28, 2015 at 12:51:22 AM UTC-5, LightOfMooN wrote:
>
> But is there a way to push session cookie for multiple domains at once?
> Something like:
>
> for domain in ['mydomain.com', 'mydomain.de', 'mydomain.ru', 'mydomain.fr']:
>
> session_id = generate_session_id(domain)
>
> ...
>
> response.push_cookies[session_id]['domain'] = domain
>
>
Browsers will not allow one domain to set a cookie for another domain, as
this is a security risk.
I haven't tried it, but one thing you might try is to pass the session_id
for one domain to the other domains via hidden iframes. The steps would be
something like this:
1. After the user successfully logs in to mydomain.com, set a flag in
the session (e.g., session.share_login=True).
2. In the layout.html, when session.share_login is True, create a hidden
iframe for each of the other domains, with the current session_id in the
query string (i.e., src="{{=URL('default', 'set_session_id',
vars=dict(session_id=response.session_id))}}"). Then set
session.share_login=False so the iframes are not created on any subsequent
requests.
3. Create a /default/set_session_id function that sets
response.session_id = request.get_vars.session_id. It doesn't matter what
the function returns (maybe just return a string such as "OK").
With the above workflow, when a user logs in, a request will be made to
each of the other domains. For each domain, web2py will return a new
session cookie whose session_id is the same as the session_id of the
original domain. When you go to one of the other domains, its session
cookie will be sent to the server and used to retrieve the same session
established on the original domain.
Note, instead of hidden iframes, you could also use script tags or hidden
image tags.
Anthony
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
