Django Admin - Re-authentication?


Problem description

I'm in a bit of a dilemma at the moment regarding Django's admin backend. The default authentication system allows already logged-in users that have staff privileges to access the admin site, however it just lets them straight in.

This doesn't feel "right" to me, and I'm wondering if it would be difficult to at least require a re-authentication of that same session in order to get into the backend.

Preferably though, it'd be good if the frontend sessions could be separated from the backend ones (though still using the same user objects), this would allow a clean separation of both parts of the site. Would this perhaps require two separate authentication backends? Would something like this be difficult to achieve?

Solution

Here's an idea: run the admin app on a different domain to the frontend. The cookies won't be valid in the other domain, so the user will have to log in again. All you'd need would be a separate Apache vhost and a basic settings.py that just has contrib.admin in INSTALLED_APPS.
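
The admin-only settings module this answer describes, written out as an added example (not part of the original answer). The host name, the `admin_urls` module and the cookie names are assumptions, and `frontend_session_reaches_admin` is a hypothetical helper that checks whether a frontend cookie scoped to a parent domain would still be read as the admin's session.

```python
# admin_settings.py -- settings module for the admin-only project (added example).
# Host, module and cookie names are constructed placeholders.
ADMIN_HOST = "admin.example.com"
ALLOWED_HOSTS = [ADMIN_HOST]      # reject requests addressed to the frontend host
ROOT_URLCONF = "admin_urls"       # hypothetical URLconf that routes only admin.site.urls
# DATABASES and SECRET_KEY are omitted here; DATABASES points at the frontend's
# database so that both sites use the same user objects.

INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",          # the admin depends on these four apps
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
]
MIDDLEWARE = [
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
]
TEMPLATES = [{
    "BACKEND": "django.template.backends.django.DjangoTemplates",
    "APP_DIRS": True,
    "OPTIONS": {"context_processors": [
        "django.template.context_processors.request",
        "django.contrib.auth.context_processors.auth",
        "django.contrib.messages.context_processors.messages",
    ]},
}]

# Keep the admin session distinct even if both hosts share a parent domain
# and a database-backed session store.
SESSION_COOKIE_NAME = "admin_sessionid"   # frontend keeps Django's default "sessionid"
SESSION_COOKIE_DOMAIN = None              # host-only cookie, never sent to the frontend
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_NAME = "admin_csrftoken"
CSRF_COOKIE_SECURE = True


def frontend_session_reaches_admin(cookie_domain, cookie_name="sessionid"):
    """True if a frontend session cookie would be sent to ADMIN_HOST and read as its session."""
    if cookie_domain is None:             # host-only: stays on the frontend host
        return False
    parent = cookie_domain.lstrip(".").lower()
    sent = ADMIN_HOST == parent or ADMIN_HOST.endswith("." + parent)
    return sent and cookie_name == SESSION_COOKIE_NAME
```

If the frontend sets `SESSION_COOKIE_DOMAIN` to a parent domain such as `.example.com`, its cookie is sent to the admin host as well; the distinct `SESSION_COOKIE_NAME` is what stops the admin from treating it as a logged-in session.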
