It's awesome!
Thank you, Anthony. You made my day.
It works fine.
Here is the resulting code:
in db.py:
def share_login(form):
session.share_login = True
auth.settings.login_onaccept = share_login
in gluon/tools after
if self.settings.renew_session_onlogout:
current.session.renew(clear_session=not
self.settings.keep_session_onlogout):
current.session.share_login = True
can't use auth.settings.logout_onlogout because it runs before session
renew :(
in default.py:
def set_sid():
if request.get_vars.sid:
response.session_id = request.get_vars.sid
return ''
and finally in general template (layout.html):
{{if session.share_login:}}
{{for domain in share_domains:}}
<script type="text/javascript"
src="//{{=domain}}/default/set_sid?sid={{=response.session_id}}"></script>
{{pass}}
{{session.share_login=False}}
{{pass}}
понедельник, 28 декабря 2015 г., 22:55:42 UTC+5 пользователь Anthony
написал:
>
> On Monday, December 28, 2015 at 12:51:22 AM UTC-5, LightOfMooN wrote:
>>
>> But is there a way to push session cookie for multiple domains at once?
>> Something like:
>>
>> for domain in ['mydomain.com', 'mydomain.de', 'mydomain.ru', 'mydomain.fr']:
>>
>> session_id = generate_session_id(domain)
>>
>> ...
>>
>> response.push_cookies[session_id]['domain'] = domain
>>
>>
> Browsers will not allow one domain to set a cookie for another domain, as
> this is a security risk.
>
> I haven't tried it, but one thing you might try is to pass the session_id
> for one domain to the other domains via hidden iframes. The steps would be
> something like this:
>
> 1. After the user successfully logs in to mydomain.com, set a flag in
> the session (e.g., session.share_login=True).
> 2. In the layout.html, when session.share_login is True, create a
> hidden iframe for each of the other domains, with the current session_id
> in
> the query string (i.e., src="{{=URL('default', 'set_session_id',
> vars=dict(session_id=response.session_id))}}"). Then set
> session.share_login=False so the iframes are not created on any subsequent
> requests.
> 3. Create a /default/set_session_id function that sets
> response.session_id = request.get_vars.session_id. It doesn't matter what
> the function returns (maybe just return a string such as "OK").
>
> With the above workflow, when a user logs in, a request will be made to
> each of the other domains. For each domain, web2py will return a new
> session cookie whose session_id is the same as the session_id of the
> original domain. When you go to one of the other domains, its session
> cookie will be sent to the server and used to retrieve the same session
> established on the original domain.
>
> Note, instead of hidden iframes, you could also use script tags or hidden
> image tags.
>
> Anthony
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
