How to save a custom cookie - django

Is there a way to save a cookie that is available on other site ?
For instance I have my django project on http://www.example.com and I want that django saves a cookies for a site written in PHP on http://site.Idontknow.com .
Is this possible ?

No, this is not possible. Browsers do not let you set cookies on other sites, for (hopefully) obvious security reasons.

Short answer is no.
Longer answer is that while you can't do it directly you could include a resource in your page, like an image or a small page loaded in an iframe or similar, which came from the 3rd party site which in turn set its own cookie. Not exactly secure or reliable.

Related

Django request paths

I've been working through an issue with my django project. The issue is I've got one project, which will retrieve data for users of different clients. I need to know 'from where' a viewer is coming from (request.path [my original solution]). I've been looking at a number of different options which sound close to what I want to do, but I'm not sure what the best option is, not having done this before.
My first option was to add a url in the urls.py with a 'tag' or 'keyword' then look for that tag/keyword in the request.path, which I'd add as a session key. Then go onto get the data.
Something else I started looking at was the sites framework. After reading through the documentation, I'm still confused how sites actually works, so I'm not sure if this is the right option.
Another solution talked about using middleware, this came up in connection with the research into using the sites framework.
And then yet another talked about doing this in apache.
Could some one help point me in the right direction?
Cheers,
T
If you need to know from which URL came your user to your currrent page you should check the REFERER http header, available in request.META.get('HTTP_REFERER').
See http://docs.djangoproject.com/en/1.2/ref/request-response/#ref-request-response for more informations.
Be careful though, the referer meta is not mandatory and could be missing due to private browsing or direct access to the page from the URL bar.
It's not completely clear from your question, but if you're asking for the URL that the user was on before coming to the current page, you probably want request.META['HTTP_REFERRER'].
Edit after comment
That would be a very bad idea. Global variables are not safe given that you potentially have multiple requests being processed at the same time. The referrer is already available from the request, which can be accessed in all views and templates, so I don't know what else a middleware would give you.

In Django, can I always force browser and provider caches to load new pages with a global setting?

I have a handful of users on a server. After updating the site, they don't see the new pages. Is there a way to globally force their browsers and providers to display the new page? Maybe from settings.py? I see there are decorators that look like they do this on a function level.
Depends on browser and cache settings.
There may be no way to tell browsers to do so (as pages are cached, they are not even talking to server, so there is nothing You can do there).
Good trick is to set Vary: Cookie header, so You can always invalidate cache (by changing cookie somewhere) in case of need.
One way to force the browser to load a new page rather than loading the cached version is to change the file name. You could add a date/time to the file name and use a rewrite rule (assuming Apache web server here) to get the new page.
This site gives a quick explanation: http://www.askapache.com/htaccess/mod_rewrite-fix-for-caching-updated-files.html
and google will show many more.
you may also have to examine your cache control headers.

Django sessions don't work with Apache installed on Ubuntu

In production server I can't login to my website.
I know that it is some bug of Django with MD5 crypt or something like that, but unfortunately I don't remember what I should do. I am searching the answer since half day, but I can't find this website where was explained this problem.
DO you know how I can do sessions working.
In answer to this bit the comments
Sorry, but problems is otherwise. I
am using subdomains like pl.domain and
uk.domain and domain. User is only
logged in one subdomain, but I want
make it logged in all website. Is it
possible? – Thomas
you need to allow cross-domain sessions that don't just refer to a subdomain. By default, Django will give you different sessions for bar.example.com and foo.example.com.
In your settings.py set SESSION_COOKIE_DOMAIN to .domain.tld (don't forget the leading dot!) and you'll be sorted.

How can I write a route/view/controller for a web framework which acts as a dumb proxy?

That is to say, let's say I'm writing something that's hosted on foo.com. I'd like it to be possible for a user who goes to foo.com/bar.com to be served up bar.com from foo.com and to be able to interact with bar.com (e.g. navigate to foo.com/bar.com/baz via point-and-click). I understand that this is what a proxy is supposed to do. I need to do some preprocessing of a request to access the proxy, which is why I'm turning to a web framework. I've a preference for django, rails, or sinatra, or another python/ruby solution, but any will do, really.
Thanks in advance; alternate suggestions are welcome.
First you will need to parse the URL at foo.com. In django you could have an url like this(not tested):
url(r'(?P<url>.*)$', my_proxy_view, name = 'proxy')
So http://foo.com/bar.com/baz/ will give you an url of 'bar.com/baz/' you may use as you please in your view.
Then you have to retrieve the page at bar.com, using a library like urllib2.
When you have the contents of the remote page, you need to change all links(anchor elements) that point to bar.com to point to the URLs of your proxy. If you want to proxy images, stylesheets and javascript you need to change the links of those as well.
You probably want to cache as much as possible as well. And be sure to set a user-agent on the urllib request that will let the other site know that this is some kind of robot or proxy.
With that said, this sounds like a really stupid idea. What is your use case?
i can only talk about django, but....
if you only want to use the same object/data on multiple websites you should have a look at the django sites framework
for redirects i would suggest the redirects app
or you simply use the redirect shortcut in your views

Besides URL rewriting, what options are available for maintaining sessions without using cookies?

I've seen various options for URL rewriting here on Stack Overflow, and other places on the web, but was curious to see if there were other options.
This is speculation, as Cookies and URL Rewriting are the big two, but technologically, I think it'd be possible to:
do some massive hackery with javascript that captures all links and submits a form with information.
track the session on the server based on IP
Both have their downsides and holes obviously.
Session variables? At work, we are not allowed to use non session-cookies without a load of permissions.
You can either maintain state through a cookie or through a query parameter. The browser needs to be able to pass data to the web server somehow and those are the only two options.
I suppose that would depend on what technology you are using. In ColdFusion you can maintain session variables without cookies.
Using a client-side database storage, such as Google Gears (sqlite) ? Html5 is expected to include one (webkit already does it).