Django sessions don't work with Apache installed on Ubuntu - django

On the production server I can't log in to my website.
I know that it is some bug in Django with MD5 crypt or something like that, but unfortunately I don't remember what I should do. I have been searching for the answer for half a day, but I can't find the website where this problem was explained.
Do you know how I can get sessions working?

In answer to this bit in the comments:
"Sorry, but the problem is different. I am using subdomains like pl.domain and uk.domain and domain. The user is only logged in on one subdomain, but I want them to be logged in on the whole website. Is it possible?" – Thomas
You need to allow cross-domain sessions that don't just refer to a subdomain. By default, Django will give you different sessions for bar.example.com and foo.example.com.
In your settings.py set SESSION_COOKIE_DOMAIN to .domain.tld (don't forget the leading dot!) and you'll be sorted.

Related

Django 1.8: Password Protect Entire Project

I have built my first Django App! It is built to help my business track inventory. As such, I would not like it to be publicly available.
Maybe someday I will set up multiple user accounts, etc, but for now I really just need a basic password gate to get it up and running.
Does anyone have any middleware that works for this? All the solutions that I am finding are pretty old and they do not seem to work with the latest version of Django.
If you just need a single username/password couple, handling it directly via HTTP authentication in your webserver configuration will be the easiest way to achieve this. The benefits of this approach are:
You can set it up in 5 minutes: example with nginx, example with apache
You don't have to write code you'll delete later
It will protect all your website, including static files, third-party apps, admin, etc.
I found an answer that worked for me posted here:
#login_required for multiple views
Make sure the LOGIN_REQUIRED_URLS_EXCEPTIONS path is correctly set to your login page.

How to save a custom cookie

Is there a way to save a cookie that is available on another site?
For instance, I have my Django project on http://www.example.com and I want Django to save a cookie for a site written in PHP on http://site.Idontknow.com.
Is this possible?
No, this is not possible. Browsers do not let you set cookies on other sites, for (hopefully) obvious security reasons.
Short answer is no.
Longer answer is that while you can't do it directly you could include a resource in your page, like an image or a small page loaded in an iframe or similar, which came from the 3rd party site which in turn set its own cookie. Not exactly secure or reliable.

Need one login for two different sites

I am tasked to create a web site using Django. It will be a 'sister' site to an existing Plone site. The same Apache instance will be the front end to the sites which allows me to use the same domain name.
However, the owners want the users to be able to log into one and still be logged into the other one.
How can this be accomplished?
Thanks! :)
Gut reaction is to use OAuth - see How to build a secure Django single signon between different sites?
Alternatively, have you tried this single sign-on app - http://code.google.com/p/django-sso/ ?
Also have a look on Django's documentation on how to implement your own authorization backend at http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend
My gut reaction is to use LDAP. Plone's LDAP support is a little rough, but it works. Does Django have equivalent or better LDAP support? If so, then I think you are off and running…
You can move authentication to SQLPASPlugin and use the same table for Django and Plone.
There are two problems here: shared logins and single sign-on. LDAP or SQL based logins will give you the first, but you'll still have to enter your password in both sites. You need single sign-on to remain logged in across both.
plone.session 3.0 (part of Plone 4, but compatible with Plone 3.3 if you also add hashlib to your buildout) is compatible with Apache mod_auth_tkt single sign on. It should be simple enough to configure Django to use Apache authentication, or if you're not running Apache, wrap plone.session's tktauth.py in a simple wsgi wrapper. Use the Plone site's require_login script as the TKTAuthLoginURL.
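A sketch of the check such a WSGI wrapper performs, added here as an example (it is not plone.session's tktauth.py or code from the answer). It assumes the classic mod_auth_tkt MD5 ticket layout, a raw unencoded cookie value, IPv4 and a constructed secret; the function names are hypothetical.

```python
import hashlib, hmac, socket, struct, time
from http.cookies import SimpleCookie

SECRET = b"constructed-shared-secret"  # constructed; must match Apache's TKTAuthSecret

def ticket_digest(secret, userid, tokens, user_data, ip, ts):
    # Assumed layout: MD5(MD5(ip + ts + secret + userid\0tokens\0user_data) + secret)
    head = socket.inet_aton(ip) + struct.pack("!I", ts)
    body = b"\0".join(s.encode() for s in (userid, tokens, user_data))
    inner = hashlib.md5(head + secret + body).hexdigest()
    return hashlib.md5(inner.encode() + secret).hexdigest()

def make_ticket(secret, userid, tokens="", user_data="", ip="0.0.0.0", ts=0):
    digest = ticket_digest(secret, userid, tokens, user_data, ip, ts)
    return "%s%08x%s!%s!%s" % (digest, ts, userid, tokens, user_data)

def validate_ticket(secret, ticket, now, ip="0.0.0.0", timeout=7200):
    """Return the userid of an authentic, unexpired ticket, else None."""
    try:
        ts = int(ticket[32:40], 16)
    except ValueError:
        return None
    parts = ticket[40:].split("!")
    if ts < 0 or len(parts) not in (2, 3):
        return None
    userid, user_data = parts[0], parts[-1]
    tokens = parts[1] if len(parts) == 3 else ""
    expected = ticket_digest(secret, userid, tokens, user_data, ip, ts)
    # Constant-time digest comparison first, then the freshness window
    if not hmac.compare_digest(expected.encode(), ticket[:32].encode()):
        return None
    return userid if ts <= now < ts + timeout else None

def tkt_middleware(app, secret, cookie_name="auth_tkt", clock=time.time):
    """WSGI wrapper: REMOTE_USER is set only from a ticket that validates."""
    def wrapped(environ, start_response):
        morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get(cookie_name)
        environ.pop("REMOTE_USER", None)  # never trust a value supplied upstream
        user = validate_ticket(secret, morsel.value, int(clock())) if morsel else None
        if user:
            environ["REMOTE_USER"] = user
        return app(environ, start_response)
    return wrapped
```

With REMOTE_USER populated this way, Django's RemoteUserMiddleware and RemoteUserBackend can log the user in.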

Django, from php to Django

I have a website done with Django, that was previously done with PHP and CodeIgniter. I've moved the website to Webfaction, changed the DNS and all other configurations, but now my email is full of errors like this:
Error (EXTERNAL IP): /index.php/main/leer/7497
I don't know why the Django app is looking for pages from the PHP app, especially since the PHP app was on another host.
Are those URLs from your old site? That's probably a case of people having stale bookmarks, trying to navigate to them, and getting 404s. You might want to consider catching those, and redirecting to the new URL with response code 302.
I can't imagine those errors are caused by Django (except in the sense that the reports are from Django reporting 404s, which it does for free).
I agree with the above. Just want to add that you should use django.contrib.redirects to manage the redirects.
You can read more about it here

(Django) Sharing authentication across two sites that are on different domains

I have two sites say foo.com and bar.com and are both Django based. Primary registration occurs on foo.com (I'd like the main user db to be here) and I'd like for three things to happen:
1) User that logs in to foo.com is automatically able to access bar.com without logging in again
2) User that logs in to bar.com directly is authenticated against foo.com user db.
3) There is no need for a user to register at bar.com directly.
How can I achieve this? If it greatly simplifies things I can make bar.com a subdomain of foo.com (eg. bar.foo.com) but they must be separate sites.
It depends on your requirements. If you're able to, the simple solution is to simply host both sites on one Django instance. In other words, your Django project hosts both sites but you have a url rewrite rule that maps foo.com to http://localhost/foo/ and bar.com to http://localhost/bar/. Django's auth system will "just work" under this scenario. Rewrite rules can of course also apply to subdomains; I've built a system that hosts hundreds of subdomains using this technique.
If this isn't an option, sharing databases between your Django instances and setting SESSION_COOKIE_DOMAIN, as mentioned by others, should work.
Your 3rd requirement could easily be solved by sharing the same database between the two sites (therefore having the same Users table).
The 1st requirement is tricky because of cross domain issues (the session cookie will not be shared).
What you are really looking for is a Single Sign On (SSO). You might consider django-openid.
I had a very similar problem but OpenID was not a viable solution for me. With the advent of multiple databases in django >1.2, it is now pretty easy to share session and login data across sites. This blog post does a great job of explaining how to get it set up. Hopefully others find this as useful as I did.
I think what you are looking for is the SESSION_COOKIE_DOMAIN setting. You would set it like this:
SESSION_COOKIE_DOMAIN = 'foo.com'
See http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-domain for more information on that. This does assume that both applications are using the same session storage backend.
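Added example (not from any answer on this page): a simplified model of browser cookie domain matching, showing which hosts receive Django's session cookie under the SESSION_COOKIE_DOMAIN values discussed here and in the subdomain question at the top of the page. Host names other than the page's own are constructed, the helper names are hypothetical, and public-suffix checks are omitted.

```python
import ipaddress

def domain_match(host, cookie_domain):
    """RFC 6265 domain-match; a leading dot on the Domain attribute is ignored."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)  # IP literals never match by suffix
        return False
    except ValueError:
        return host.endswith("." + domain)

def browser_sends(request_host, set_by_host, session_cookie_domain=None):
    """Would a session cookie set by set_by_host accompany a request to request_host?"""
    if session_cookie_domain is None:
        # Django's default (SESSION_COOKIE_DOMAIN = None) yields a host-only cookie
        return request_host.lower() == set_by_host.lower()
    # A browser rejects a Domain attribute that does not cover the setting host
    if not domain_match(set_by_host, session_cookie_domain):
        return False
    return domain_match(request_host, session_cookie_domain)

def audience(hosts, set_by_host, session_cookie_domain=None):
    """Every host in `hosts` that would receive the session cookie."""
    return [h for h in hosts if browser_sends(h, set_by_host, session_cookie_domain)]

# Constructed host list: the page's subdomains plus extras for contrast
HOSTS = ["domain.tld", "pl.domain.tld", "uk.domain.tld",
         "staging.domain.tld", "notdomain.tld", "bar.com"]

if __name__ == "__main__":
    print("default:     ", audience(HOSTS, "pl.domain.tld"))
    print(".domain.tld: ", audience(HOSTS, "pl.domain.tld", ".domain.tld"))
    print("foo.com -> bar.com:", browser_sends("bar.com", "foo.com", "foo.com"))
```

Widening the cookie to the parent domain hands the session ID to every host under it, so each of those subdomains has to be trusted as much as the main site.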