Hi there! I've run into this situation that looks like a bug. 
I've found the problem when trying to make two apps share the sessions 
(storing sessions in files or in database). But the problem only happens 
when I use parametter-based router in order to exclusively map domains to 
I've been able to reproduce it from scratch using web2py last stable 
version (2.16.1). Here are the steps I follow to reproduce the problem:

1) Download and unzip web2py

2) From the admin app, create two new apps: *test* and *test_panel*

3) As we need the two apps to use the same database, delete 
applications/test_panel/models/db.py and replace it by a symlink pointing 
to applications/test/models/db.py

4) In models/db.py add this line right after instantiating DAL, in order to 
connect to the session:

session.connect(request, response, cookie_key='mycookiekey', masterapp=

Notice the "masterapp" argument is pointing to the "test". 
Remember both apps use the same model (symlinked). 

5) The login/register/logout will be done in "test" app. For the sake of 
this example, we won't make anymore changes to the apps (we would have to 
delete the login/register/logout functions at *test_panel* app, as the 
login will be done only in *test* app, but it's not necessary for this 
example). Notice the only change we did is "session.connect" in the model, 
nothing more.

*Up to here, it works like a charm*. I can login in *test* app, and then I 
go to *test_panel* app and I can see that I'm logged in.
If I inspect the request cookies when accessing *test_panel* app, I can see 
there are a couple of cookies sent:


The important part here is that the "session_data_test" cookie is sent, 
that is, the cookie that was written when I logged in at *test* app.

So, everything works ok here. Both apps are sharing cookie sessions.
However, *the problem appears if we want to access test app in the main 
domain and test_app in a subdomain*.
Here is the steps to reproduce the problem:

6) Create a routes.py file at the web2py root folder, and put this content:

# -*- coding: utf-8 -*-

routers = dict(
        'panel.test.com': 'test_panel'

7) Edit the /etc/hosts file and add both domains as localhost: *test.com* 
and *panel.test.com*. This way, each app can be accessed only through the 
specified domain.

*This is where the problem appears.* Apps no longer share sessions. 
I login at test.com (remember to use the 8000 port or whatever port you 
used to start web2py's embedded server).
Then I go to panel.test.com, inspect the request cookies and I see this 
cookies are being sent:


Notice there is no "session_data_test" cookie being sent, that's why I'm 
not logged in when I go to panel.test.com.

*This problem is the same when the sessions are stored in database*. In 
order to make that test, just replace session.connect with this:

session.connect(request, response, db=db, masterapp='test')

The problem is the same. Sessions are correctly shared, but in the moment 
you configure routes.py to map each app to a specific domain, cookies 
aren't shared anymore.
Is this the expected behaviour or could it be a bug?

Thanks in advance.

- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to