如何在同一子域上获取不同的 Django 应用程序以共享会话 cookie? [英] How to get distinct Django apps on same subdomain to share session cookie?

查看:34
本文介绍了如何在同一子域上获取不同的 Django 应用程序以共享会话 cookie?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们在同一个子域上部署了几个 Django 应用程序.一些高级用户需要在这些应用程序之间切换.我注意到每次他们在应用程序之间跳转时,他们的会话 cookie 都会从 Django 接收一个新的会话 ID.

We have a couple of Django applications deployed on the same subdomain. A few power users need to jump between these applications. I noticed that each time they bounce between applications their session cookie receives a new session ID from Django.

除了在一个复杂的工作流程中,我很少使用 Django 会话表.如果用户在此工作流程中在应用程序之间跳来跳去,他们将失去会话并必须重新开始.

I don't use the Django session table much except in one complex workflow. If the user bounces between applications while in this workflow they lose their session and have to start over.

我翻阅了 Django 会话代码,发现:

I dug through the Django session code and discovered that the:

django.conf.settings.SECRET_KEY

django.conf.settings.SECRET_KEY

用于对每个请求的会话执行完整性检查.如果完整性检查失败,则会创建一个新会话.意识到这一点,我将每个应用程序中的密钥更改为使用相同的值,认为这将允许完整性检查通过并允许它们共享 Django 会话.然而,它似乎并没有奏效.

is used to perform an integrity check on the sessions on each request. If the integrity check fails, a new session is created. Realizing this, I changed the secret key in each of these applications to use the same value, thinking this would allow the integrity check to pass and allow them to share Django sessions. However, it didn't seem to work.

有没有办法做到这一点?我还缺什么吗?

Is there a way to do this? Am I missing something else?

提前致谢

推荐答案

我建议您将两个应用程序的 SESSION_COOKIE_NAME 设置为不同的 值.您的用户最初仍需要登录两次,但他们的会话不会发生冲突 - 如果他们登录应用 A,然后登录应用 B,然后返回 A,他们仍将拥有 A 会话.

I would instead advise you to set SESSION_COOKIE_NAME to different values for the two apps. Your users will still have to log in twice initially, but their sessions won't conflict - if they log in to app A, then app B, and return to A, they'll still have their A session.

在 Django 实例之间共享会话可能不是一个好主意.如果您想要某种单点登录,请查看 django-cas 之类的东西.您仍将有 2 个会话(应该如此),但用户只会登录一次.

Sharing sessions between Django instances is probably not a good idea. If you want some kind of single-sign-on, look into something like django-cas. You'll still have 2 sessions (as you should), but the user will only log in once.

这篇关于如何在同一子域上获取不同的 Django 应用程序以共享会话 cookie?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆