I have two applications that share the same model. 
One of the applications runs on top level domain, and the other runs in a 
subdomain:

*test.com*: applications/test
*admin.test.com*: applications/test_admin

The user logs in from admin.test.com, and the cookie also needs to be valid 
for test.com (so the user is logged in to both applications).
I use this custom code to log the user in:

def login():
    # Credentials come from the POSTed form fields
    email = request.post_vars.email
    password = request.post_vars.password
    # login_bare() checks the credentials and, on success, stores the user
    # in session.auth without redirecting
    user = auth.login_bare(email, password)
    if user:
        session.auth.expiration = auth.settings.expiration
        return response.json({'success': True})
    return response.json({'success': False})


Additionally, in order to make the session valid for the top-level domain as 
well, I've added this to models/db.py (remember, it is the same model for 
both applications):

# Sessions live in Redis and are shared by both applications via masterapp
sessiondb = RedisSession(redis_conn=redis_conn, session_expiry=36000)
session.connect(request, response, db=sessiondb, masterapp='test')
# When the session cookie is being (re)sent, widen it to the whole test.com
# domain so the subdomain and the top-level domain receive the same cookie
if response.session_id_name in response.cookies:
    response.cookies[response.session_id_name]['domain'] = 'test.com'


This approach has been working smoothly for a long time, and it still does. 
However, *it doesn't work properly on several versions of Safari*. In those 
cases the login succeeds, but then it would seem that the browser can't read 
the cookie. So the user logs in, is redirected to the main domain, but when 
he wants to go to the admin application, he is asked to log in again. 
I've always thought that the problem was within Safari.
But recently I used the Chrome Inspector to inspect the cookies and *I've 
noticed some weird stuff going on with them*:


*Accessing test.com (while logged in) shows these four cookies:*

Name                   Value                                            Domain
session_id_test        "154:1ad89acc-1f33-4c9a-805e-6888dcf227d3"       admin.test.com
session_id_test        "154:aab759f5-4738-42e3-978f-05ba4e60c5a4"       .test.com
session_id_test        "153:34738cd8-e451-4f66-a059-3afd0a805afe"       test.com
session_id_test_admin  127.0.0.1-0ab04b23-f8df-406c-988e-977b6d78b3f7   admin.test.com


*Accessing admin.test.com (while logged in) shows these four cookies:*

Name                   Value                                            Domain
session_id_test        "154:1ad89acc-1f33-4c9a-805e-6888dcf227d3"       admin.test.com
session_id_test        "154:aab759f5-4738-42e3-978f-05ba4e60c5a4"       .test.com
session_id_test        "153:34738cd8-e451-4f66-a059-3afd0a805afe"       test.com
session_id_test_admin  127.0.0.1-af3d5aaa-3388-4bf5-8c65-69693f7eed35   admin.test.com

I'm not sure if there should be that many cookies.
I think that these lines from models/db.py could be making that mess:

if response.session_id_name in response.cookies:
    response.cookies[response.session_id_name]['domain'] = 'test.com'


However, I can confirm that this code runs smoothly on the major versions of 
Chrome, Firefox, etc. 
It fails only on Safari (and actually it works on a few versions of Safari).

What do you think?
If my approach isn't right, what should I add to models/db.py to share the 
session between both applications?

Posted to the Google Groups "web2py-users" group: 
https://groups.google.com/d/msgid/web2py/568a68ab-0688-46c9-9e8c-9048d4abb243%40googlegroups.com
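An added example (not code from the original post and not part of web2py) that models why a browser ends up holding several cookies named session_id_test, and what the server then receives. It implements the RFC 6265 domain-match rule (section 5.1.3), the storage rule (5.3) and the Cookie-header rule (5.4) in the form the post's inspector listing shows: a host-only cookie (set without a Domain attribute) and a domain cookie (set with Domain=test.com) for the same host are kept as separate entries. The replayed Set-Cookie history, the shortened cookie values and all function names are constructed for illustration; jar insertion order stands in for the creation-time order the RFC uses.

```python
"""Model of cookie storage and sending for test.com / admin.test.com.

Added example, not from the original post or from web2py. Values are
shortened stand-ins for the ones listed in the post.
"""
from http.cookies import SimpleCookie


def domain_matches(host, cookie_domain):
    """RFC 6265 5.1.3: host equals the cookie domain or ends with '.' + domain."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


def store(jar, name, value, request_host, domain_attr=None):
    """Store one Set-Cookie the way a browser does (RFC 6265 5.3).

    No Domain attribute -> host-only cookie bound to request_host.
    Domain attribute    -> domain cookie, ignored if it does not cover the host.
    A new cookie replaces only an entry with the same name, domain and
    host-only flag; every other entry survives, which is how duplicates pile up.
    """
    host_only = domain_attr is None
    domain = request_host.lower() if host_only else domain_attr.lower().lstrip(".")
    if not host_only and not domain_matches(request_host, domain):
        return list(jar)  # 5.3 step 6: the whole cookie is ignored
    keep = [c for c in jar
            if (c["name"], c["domain"], c["host_only"]) != (name, domain, host_only)]
    return keep + [{"name": name, "value": value, "domain": domain,
                    "host_only": host_only}]


def cookies_for_request(jar, host):
    """RFC 6265 5.4: send every matching cookie, even several with one name."""
    host = host.lower()

    def sent(c):
        if c["host_only"]:
            return host == c["domain"]
        return domain_matches(host, c["domain"])

    return [c for c in jar if sent(c)]


def cookie_header(jar, host):
    """The Cookie request header the browser would build for this host."""
    return "; ".join(f"{c['name']}={c['value']}" for c in cookies_for_request(jar, host))


def server_side_view(header):
    """What a SimpleCookie-based server sees (web2py builds request.cookies on
    this standard-library class): duplicate names collapse, last value wins."""
    parsed = SimpleCookie()
    parsed.load(header)
    return {k: m.value for k, m in parsed.items()}


def build_jar_as_in_post():
    """Constructed Set-Cookie history that reproduces the post's four entries."""
    jar = []
    # test app on test.com, cookie sent without a Domain attribute: host-only
    jar = store(jar, "session_id_test", "153:34738cd8", "test.com")
    # admin app on admin.test.com, again without Domain: a second host-only entry
    jar = store(jar, "session_id_test", "154:1ad89acc", "admin.test.com")
    # admin app with the db.py override Domain=test.com: a third, separate entry
    jar = store(jar, "session_id_test", "154:aab759f5", "admin.test.com", "test.com")
    # the admin application's own session cookie, as listed in the post
    jar = store(jar, "session_id_test_admin", "127.0.0.1-0ab04b23", "admin.test.com")
    return jar


def build_jar_consistent():
    """Both applications always send Domain=test.com: one shared entry only."""
    jar = []
    jar = store(jar, "session_id_test", "153:34738cd8", "test.com", "test.com")
    jar = store(jar, "session_id_test", "154:aab759f5", "admin.test.com", "test.com")
    return jar


if __name__ == "__main__":
    jar = build_jar_as_in_post()
    for host in ("test.com", "admin.test.com"):
        header = cookie_header(jar, host)
        print(host, "->", header, "| server sees:", server_side_view(header))
    print("consistent Domain:", build_jar_consistent())
```

The model separates what the inspector lists (everything stored) from what a request actually carries: test.com receives two session_id_test cookies and admin.test.com three, and a SimpleCookie-based server keeps only the last one in the header. Because the RFC orders same-path cookies by creation time, which cookie comes last depends on the browser's history of Set-Cookie responses, so two browsers can legitimately resolve the same jar to different session ids. Setting the Domain attribute consistently in both applications, as build_jar_consistent shows, leaves a single shared entry and removes the ambiguity.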