Subdomains are allowed. Different domains are not. Doing what you are doing is "permitted", although it's surely not a best practice.

On Tuesday, May 31, 2016 at 3:47:10 PM UTC+2, Lisandro wrote:
>
> Hi Niphlod, thanks for your answer.
>
> I've realised that my example has an important error.
> Let's forget about *secondarydomain.com*, *there is only one domain, and a subdomain*.
> This may change the considerations a little.
> *The user logs in through panel.customdomain.com, and then navigates through both domains customdomain.com and panel.customdomain.com*.
>
> This method is working ok, and it's been working for a long time.
> I guess this line is doing the trick:
> response.cookies[response.session_id_name]['domain'] = 'customdomain.com'
>
> Then, for example, from within the views of *customdomain.com*, I can successfully make ajax calls to *panel.customdomain.com*, that is: calls to URLs that need login.
> And everything works ok that way.
> Is this still considered a bad practice? Or is it ok because it's the same domain?
>
> I understand this is not web2py specific.
> I appreciate your time.
> Now I will take a look into CORS, and make some tests.
>
> Regards,
> Lisandro.
>
> On Tuesday, May 31, 2016, 10:12:24 (UTC-3), Niphlod wrote:
>>
>> afaik cookies can't be sent to multiple domains. CORS is needed. IMHO it's correct that web2py doesn't provide a way to support that.
>>
>> On Tuesday, May 31, 2016 at 2:46:45 PM UTC+2, Lisandro wrote:
>>>
>>> I have *two web2py apps that share the same db, and they also share the session*.
>>> Both *apps are served through different domains* (using routes.py).
>>> That means that *the user logs in one domain* (through one of the apps), *and then can navigate through both domains* (that is, both apps) being logged in.
>>>
>>> I've achieved that with this code in models/db.py:
>>>
>>> db = DAL(...)
>>>
>>> session.connect(request, response, db=db, masterapp='primary')
>>>
>>> if response.session_id_name in response.cookies:
>>>     response.cookies[response.session_id_name]['domain'] = 'primarydomain.com'
>>>
>>> *Apps are called "primary" and "secondary", the domains are "primarydomain.com" and "secondarydomain.com", and the login is done through secondary app.*
>>>
>>> *Please notice the last two lines of code.* I had to add those two lines in order for it to work.
>>> It wasn't enough setting masterapp='primary', the session wasn't shared through apps (and both domains), so then I managed to make that fix.
>>> However, *I'm not so sure if that's the correct way of doing it.*
>>> The reason I'm not sure is because sometimes (very few times), the browser gets stuck asking for login.
>>> I cannot reproduce the problem, but on some rare occasions, the user cannot login anymore (the browser keeps asking email and password, and the user needs to delete all cookies in order to login again).
>>>
>>> If you consider that isn't the proper way of doing it, I will appreciate any suggestion or comment.
>>> Thanks as always!
>>>
>>> Regards,
>>> Lisandro.
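
The browser-side rule behind the replies in this thread, as an added example that is not part of the original messages or of web2py: a simplified model of how a user agent stores a cookie and matches its domain under RFC 6265. Function names are illustrative, blog.customdomain.com is a constructed host, and public-suffix checks are not modelled.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: identical, or host is a subdomain of cookie_domain."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    return host.endswith("." + cookie_domain) and not _is_ip(host)

def store_cookie(origin_host, domain_attr=None):
    """Return (domain, host_only) as the browser stores it, or None if the cookie is ignored."""
    if not domain_attr:
        return (origin_host.lower(), True)      # no Domain attribute: host-only cookie
    domain = domain_attr.lower()
    if domain.startswith("."):
        domain = domain[1:]                     # a leading dot is ignored
    if not domain_match(origin_host, domain):
        return None                             # a host cannot set a cookie for an unrelated domain
    return (domain, False)

def is_sent(stored, request_host):
    """Would the stored cookie be attached to a request for request_host?"""
    if stored is None:
        return False
    domain, host_only = stored
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)

def recipients(origin_host, domain_attr, hosts):
    """Hosts from the list that receive a cookie set by origin_host with this Domain attribute."""
    stored = store_cookie(origin_host, domain_attr)
    return [h for h in hosts if is_sent(stored, h)]

# Host names taken from the thread, plus one constructed sibling subdomain.
HOSTS = ["customdomain.com", "panel.customdomain.com",
         "blog.customdomain.com", "secondarydomain.com"]

if __name__ == "__main__":
    for origin, attr in [("panel.customdomain.com", None),
                         ("panel.customdomain.com", "customdomain.com"),
                         ("secondarydomain.com", "primarydomain.com")]:
        print(origin, attr, "->", recipients(origin, attr, HOSTS))
```

With the Domain attribute widened to customdomain.com the session cookie goes to every host under that domain, so each subdomain has to be trusted with the session id.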

