Django Sessions getting dropped when redirected from another domain


Problem description

When a user visits my domain, a sessionid is issued by Django. When he tries to do OAuth with Facebook, he clicks a button on my site which redirects to Facebook.com. Facebook redirects back to my domain, but at this point, the user's session is lost and Django seems to be issuing a new session variable.

I want the dropped session to persist because I must associate the visitor to my site with his Facebook account, but when the session is dropped, the logged in user is logged out.

I have a suspicion that this may be behavior related to Django's XSS protection. How do I make the user information persist when the user leaves our site to log in at Facebook?

Recommended answer

You might want to confirm that the cookies have the same domain when being created. That can sometimes cause problems. If you are going to the website www.example.com and the OAuth callback points to example.com, then it's possible you have two separate cookies, one for www.example.com and one for example.com.

Turn on "Always Ask" on your browser and pay attention to the cookie details. Make sure that the value for the "Host:" field is the same both times.

The fix is entering something like .example.com for SESSION_COOKIE_DOMAIN in your settings.py file.
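
The cookie scoping behind this answer, as an added example that is not part of the original answer: a small Python model of how a browser stores the sessionid cookie and decides whether to return it on the OAuth callback (a simplified form of RFC 6265 domain matching). The function names and the sample cookie value are constructed for illustration.

```python
from http.cookies import SimpleCookie

# settings.py value from the answer: SESSION_COOKIE_DOMAIN = ".example.com"
# Django's default is None, which emits a Set-Cookie with no Domain attribute.

def cookie_scope(set_cookie_header, origin_host):
    """Return (domain, host_only) as a browser would store the cookie."""
    morsel = next(iter(SimpleCookie(set_cookie_header).values()))
    domain = morsel["domain"].lstrip(".").lower()
    if not domain:
        # No Domain attribute: host-only cookie, bound to the exact origin host.
        return origin_host.lower(), True
    return domain, False

def browser_sends(scope, request_host):
    """Simplified RFC 6265 domain match for a stored cookie."""
    domain, host_only = scope
    request_host = request_host.lower()
    if host_only:
        return request_host == domain
    return request_host == domain or request_host.endswith("." + domain)

def session_survives(session_cookie_domain, start_host, callback_host):
    """Does the sessionid set on start_host come back on the OAuth callback?"""
    header = "sessionid=constructed-value; Path=/"  # constructed sample cookie
    if session_cookie_domain:
        header += "; Domain=" + session_cookie_domain
    return browser_sends(cookie_scope(header, start_host), callback_host)

if __name__ == "__main__":
    for setting in (None, ".example.com"):
        ok = session_survives(setting, "www.example.com", "example.com")
        print(f"SESSION_COOKIE_DOMAIN={setting!r}: session kept = {ok}")
```

With SESSION_COOKIE_DOMAIN set to .example.com the session cookie is sent to every subdomain of example.com; keeping the default and pointing the OAuth callback at the same host the user started on avoids widening that scope.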
