When using sub-domains for a Django site, how can you share django logins across sub-domains on localhost? - django

I want to let the same user session span across:
site.com
sub1.site.com
sub2.site.com
I got this to work in production by setting SESSION_COOKIE_DOMAIN to ".site.com", but it doesn't work for me on localhost/dev servers. How do you get it to work for localhost sub-domains? When I change the SESSION_COOKIE_DOMAIN on the dev server to the production website domain or ".localhost", Django auth logins completely stop working (I'm never able to log in; no cookie is created on localhost).

I think I got a workaround solution, but couldn't use localhost. I could only get it working for a test ".com" domain that maps to 127.0.0.1.
In my /etc/hosts file (on OSX:)
127.0.0.1 test.com
127.0.0.1 sub1.test.com
127.0.0.1 sub2.test.com
Then on my development settings.py:
SESSION_COOKIE_DOMAIN=".test.com"
I could not get this working with plain "localhost"; it seemed I needed the ".com" string in there to get it working. So then I could log in and have cross-subdomain auth cookies using sub1.test.com:8000 and sub2.test.com:8000 in my browser.
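To see the cookie scoping rule that makes the hosts-file workaround above necessary, here is an added example (not part of the question or answer) that uses the standard library's http.cookiejar, whose DefaultCookiePolicy applies the same Domain-attribute rules a browser does. It shows that a session cookie received on sub1.test.com is offered to sub2.test.com only when the server sends Domain=.test.com (what SESSION_COOKIE_DOMAIN = ".test.com" makes Django do), and that the port plays no part in the decision. The host names, paths and cookie value are constructed for the demo.

```python
# Added example: demonstrates cookie Domain scoping with http.cookiejar.
# Hosts, paths and the cookie value below are constructed sample data.
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class _FakeResponse:
    """Minimal stand-in for urllib's response object: CookieJar only needs .info()."""

    def __init__(self, set_cookie_header):
        self._headers = Message()
        self._headers["Set-Cookie"] = set_cookie_header

    def info(self):
        return self._headers


def cookie_sent_to(set_cookie_header, set_on_url, later_url):
    """Store the Set-Cookie received from set_on_url in a fresh jar, then report
    whether the jar would attach that cookie to a request for later_url.
    Returns the Cookie header value (str) or None if nothing would be sent."""
    jar = CookieJar()
    login_request = Request(set_on_url)
    jar.extract_cookies(_FakeResponse(set_cookie_header), login_request)

    next_request = Request(later_url)
    jar.add_cookie_header(next_request)
    return next_request.get_header("Cookie")


def demo():
    """Compare a host-only cookie (no Domain attribute, Django's default) with a
    Domain=.test.com cookie across the two subdomains from the question."""
    host_only = "sessionid=abc123; Path=/; HttpOnly"
    shared = "sessionid=abc123; Domain=.test.com; Path=/; HttpOnly"
    sub1 = "http://sub1.test.com:8000/accounts/login/"
    sub2 = "http://sub2.test.com:8000/dashboard/"
    return {
        "host_only_to_sub1": cookie_sent_to(host_only, sub1, sub1),
        "host_only_to_sub2": cookie_sent_to(host_only, sub1, sub2),
        "shared_to_sub2": cookie_sent_to(shared, sub1, sub2),
        "shared_to_apex": cookie_sent_to(shared, sub1, "http://test.com:8000/"),
    }


if __name__ == "__main__":
    for case, header in demo().items():
        print(f"{case:20s} -> {header!r}")
```

The host-only cookie is returned only to sub1.test.com, while the Domain=.test.com cookie is returned to sub2.test.com and to the apex test.com alike. Note that widening the Domain attribute also means every host under .test.com, including any you do not control, receives the session cookie, so keep the shared domain as narrow as the site actually needs.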

Related

What is the correct way to do a redirection from www. to the naked domain (Server or App or Domain Provider)?

I currently have an app that works with both www.domain.com and domain.com. Considering that this seems to be bad for SEO, I want it to always redirect to the naked domain.
My app works in this way:
Server: Google Cloud Platform (App engine)
App: Django
Domain provider: Godaddy
As I have researched the redirection can be done from any of these 3 options. So I want to ask: What is the best option and why?
I tested doing the redirection with GoDaddy on App Engine (an A record for www pointing to #), but when I set my custom domain in App Engine, I noticed that for the www.domain a C Record pointing to ghs.googlehosted.com was required in the App Engine panel. I omitted that in order to do the redirection in GoDaddy, but the app wouldn't load when visiting from www.domain; a 404 error appeared (I also tried omitting the addition of the www.domain altogether in the App Engine settings). So I wasn't able to accomplish this in the same fashion as an app that is hosted on a single server.
I think the easiest way would be to handle this inside the app itself like this site mentions
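For the "handle it inside the app" option, here is an added example (not from the question or the site it links to) of a Django-style middleware that permanently redirects www.domain.com to the naked domain. It deliberately has no Django import so it can run here against a fake request; in a real project you would pass django.http.HttpResponsePermanentRedirect as the redirect factory and the real request's get_host(), is_secure(), path and META. CANONICAL_HOST and the fake request/response classes are assumptions for the demo.

```python
# Added example: strip "www." by redirecting to the naked domain from inside the app.
# CANONICAL_HOST and the _Request/_Redirect/_Ok stand-ins are constructed for the demo.
from urllib.parse import urlunsplit

CANONICAL_HOST = "domain.com"   # assumed: the naked domain the site should live on


class StripWwwMiddleware:
    """Redirect www.CANONICAL_HOST -> CANONICAL_HOST, keeping scheme, path and query.

    Only the one expected host is redirected; every other Host value is passed
    through untouched, so an attacker-controlled Host header cannot turn this
    into an open redirect. ALLOWED_HOSTS still does its own job before this runs.
    """

    def __init__(self, get_response, redirect_factory):
        self.get_response = get_response
        # In Django this would be django.http.HttpResponsePermanentRedirect (301).
        self.redirect_factory = redirect_factory

    def __call__(self, request):
        host = request.get_host().lower()
        if host == "www." + CANONICAL_HOST:
            target = urlunsplit((
                "https" if request.is_secure() else "http",
                CANONICAL_HOST,
                request.path,
                request.META.get("QUERY_STRING", ""),
                "",
            ))
            return self.redirect_factory(target)
        return self.get_response(request)


# --- Fake request/response objects so the middleware can be exercised offline ---
class _Request:
    def __init__(self, host, path, query="", secure=True):
        self._host, self.path, self._secure = host, path, secure
        self.META = {"QUERY_STRING": query}

    def get_host(self):
        return self._host

    def is_secure(self):
        return self._secure


class _Redirect:
    status_code = 301

    def __init__(self, url):
        self.url = url


class _Ok:
    status_code = 200


def handle(host, path, query="", secure=True):
    """Run one request through the middleware; return (status code, redirect URL or None)."""
    middleware = StripWwwMiddleware(lambda request: _Ok(), _Redirect)
    response = middleware(_Request(host, path, query, secure))
    return response.status_code, getattr(response, "url", None)


if __name__ == "__main__":
    print(handle("www.domain.com", "/blog/", "page=2"))   # 301 to https://domain.com/blog/?page=2
    print(handle("domain.com", "/"))                      # 200, no redirect
```

Because the redirect is issued by the application, requests for the www host must still reach the application: the DNS record for www has to point at App Engine, and the www host has to be listed in both the App Engine custom-domain settings and ALLOWED_HOSTS, otherwise you get the 404 described in the question instead of the redirect.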

Flask session empty after domain forwarding to PythonAnywhere, only in Safari (webkit)

I have a PythonAnywhere Flask application, xtiles.pythonanywhere.com. I have a GoDaddy domain, xtilesgame.com, and GoDaddy is set up to forward the domain to the PythonAnywhere address. This works fine for Chrome and Firefox, but in Safari (and Midori, both of which are based on WebKit), the Flask session cookie comes back completely empty. Going straight to xtiles.pythonanywhere.com in Safari works fine; it's the forwarding that causes trouble.
So: Is there something different I can do in my flask application to support the forwarding? Or is there some better way to associate the domain with the PythonAnywhere address? Any idea why it works with some browsers and not others?
(I have the flask application's "secret key" set to a hard-coded value, always the same. In case it matters, PythonAnywhere has Flask version 0.11.1 by default; I tried it with a virtualenv running Flask 0.12.2 (because that's what I have locally) -- same problem.)
Thanks in advance for any help.
My guess is that the GoDaddy domain forwarding uses an iframe and that Safari is blocking cookies for iframes. So you're never getting the cookie.

403 CSRF errors when trying to login to Django Admin over an SSH tunnel

I am trying to log in to the admin panel of a Django application via another server (say 123.123.123.123). I have an SSH tunnel open like ssh -L 3000:my.website.com:443 user@123.123.123.123. I can then go to https://localhost:3000/admin/login/ and see the login page for the Django admin of the server running on my.website.com. Whatever credentials I put in, the result is an HTTP 403 'CSRF verification failed. Request aborted.' error page.
I do not get this error when going directly to my.website.com/admin/login/. What settings might help to allow login via an SSH tunnel? I have already tried adding 'localhost' to ALLOWED_HOSTS. The CSRF cookies are secure (only available via HTTPS, which I'm always using) and have the HTTPOnly flag set.
Django will see that you're trying to access the my.website.com domain and it will send back to you a cookie for that domain.
But your browser is actually accessing the localhost domain, so cookies for my.website.com won't be valid for it and the browser won't send them back to the Django server.
One way to fix it is to point my.website.com to 127.0.0.1 using /etc/hosts, change your tunnel port to 443 and connect to my.website.com instead.
Another approach is to set up a server in between you and your Django server that will rewrite cookies and other paths from one domain to another.

Set domain for cookie (localhost) in IE

I need to set cookie's domain for localhost and I'm using internet explorer. I tried:
Response.Cookies["MyCookie"].Domain = ".local";
but it didn't work, because the cookie's value and domain are later set to null. Any idea?
Thanks
I suppose this question is related to your local development environment. localhost does not map to the local domain, e.g. pinging localhost.local should not work.
In Windows environments I successfully worked with domain cookies by updating the hosts file with a statement like this:
127.0.0.1 localhost localhost.domain.com
Now you can point your browser to localhost.domain.com and set the cookie's domain property to domain.com. You may need to make this FQDN available to your runtime (in e.g. Tomcat it worked out of the box).

Django- session cookies and sites on multiple ports

I have multiple Django projects running on one server using gunicorn and nginx. Currently they are each configured to run on a unique port of the same IP address using the server directive in nginx. All this works fine.
...
server {
    listen 81;
    server_name my.ip.x.x;
    ... #static hosting and reverse proxy to site1
}
server {
    listen 84;
    server_name my.ip.x.x;
    ... #static hosting and reverse proxy to site2
}
...
I came across a problem when I had 2 different projects open in 2 tabs and I realized that I could not be logged into both sites at once (both use the built-in Django User model and auth). Upon inspecting the cookies saved in my browser, I realized that the cookie is bound to just the domain name (in my case just an ip address) and it does not include the port.
On the second site, I tried changing SESSION_COOKIE_NAME and SESSION_COOKIE_DOMAIN, but it doesn't seem to be working, and with these current settings I can't even log in.
SESSION_COOKIE_DOMAIN = 'my.ip.x.x:84' #solution is to leave this as default
SESSION_COOKIE_NAME = 'site2' #just using this works
SESSION_COOKIE_PATH = '/' #solution is to leave this as default
#site1 is using all default values for these
What do I need to do to get cookies for both sites working independently?
Just change the SESSION_COOKIE_NAME. The SESSION_COOKIE_DOMAIN doesn't support port numbers afaik. So they are all the same for your apps.
Another solution that doesn't require hard-coding different cookie names for each site is to write a middleware that changes the cookie name based on the port the request came in on.
Here's a simple version (just a few lines of code).
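The answerer's middleware is not reproduced on the page, so here is an added example of that idea written from scratch (not the answer's own code): a middleware that gives each port its own session cookie name. Django's SessionMiddleware only ever reads and writes settings.SESSION_COOKIE_NAME ("sessionid" by default, assumed here), so this middleware translates between that fixed name and a per-port name on the way in and on the way out; it has to be listed in MIDDLEWARE before SessionMiddleware. The port is taken from the Host header (for this to work behind nginx the proxy must forward it, e.g. proxy_set_header Host $http_host) with SERVER_PORT as a fallback. It has no Django import so it runs here against fake request/response objects; the IP address, keys and cookie values are constructed for the demo.

```python
# Added example: per-port session cookie names for several Django sites on one IP.
# BASE_COOKIE_NAME, the Host-header port rule and the fake request/response
# classes are assumptions for the demo; sample cookie values are constructed.
from http.cookies import SimpleCookie

BASE_COOKIE_NAME = "sessionid"   # assumed: Django's default SESSION_COOKIE_NAME
_COPIED_ATTRS = ("path", "domain", "expires", "max-age", "secure", "httponly", "samesite")


def request_port(meta):
    """Port the client connected to: from Host (host:port) if present, else SERVER_PORT."""
    host = meta.get("HTTP_HOST", "")
    if ":" in host and not host.endswith("]"):      # skip bare IPv6 literals
        return host.rsplit(":", 1)[1]
    return str(meta.get("SERVER_PORT", "80"))


def cookie_name_for_port(port):
    return f"{BASE_COOKIE_NAME}_{port}"


class PerPortSessionCookieMiddleware:
    """List this BEFORE SessionMiddleware so it runs first on requests, last on responses."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        port_name = cookie_name_for_port(request_port(request.META))

        # Inbound: expose this port's cookie under the name SessionMiddleware reads.
        # A sibling site's cookie arrives too (cookie scope ignores the port), so
        # make sure a stray "sessionid" is never mistaken for ours.
        if port_name in request.COOKIES:
            request.COOKIES[BASE_COOKIE_NAME] = request.COOKIES[port_name]
        else:
            request.COOKIES.pop(BASE_COOKIE_NAME, None)

        response = self.get_response(request)

        # Outbound: rename whatever SessionMiddleware set (or deleted, max-age=0)
        # to the per-port name, carrying every cookie attribute along.
        morsel = response.cookies.get(BASE_COOKIE_NAME)
        if morsel is not None:
            response.cookies[port_name] = morsel.value
            for attr in _COPIED_ATTRS:
                if morsel[attr] != "":          # unset Morsel attributes are ""
                    response.cookies[port_name][attr] = morsel[attr]
            del response.cookies[BASE_COOKIE_NAME]
        return response


# --- Offline stand-ins for Django's request, response and SessionMiddleware ---
class _Request:
    def __init__(self, meta, cookies):
        self.META, self.COOKIES = meta, dict(cookies)


class _Response:
    def __init__(self):
        self.cookies = SimpleCookie()


def _fake_session_view(request):
    """Mimics SessionMiddleware: re-sets the presented session key as a cookie,
    or issues a new key when no (valid) session cookie was presented."""
    response = _Response()
    response.cookies[BASE_COOKIE_NAME] = request.COOKIES.get(BASE_COOKIE_NAME, "new-key")
    response.cookies[BASE_COOKIE_NAME]["path"] = "/"
    response.cookies[BASE_COOKIE_NAME]["httponly"] = True
    return response


def simulate(port, browser_cookies):
    """Run one request through the middleware for the given port.
    Returns (session key the app saw, {cookie name: value} the browser would store)."""
    seen = {}

    def app(request):
        seen["key"] = request.COOKIES.get(BASE_COOKIE_NAME)
        return _fake_session_view(request)

    middleware = PerPortSessionCookieMiddleware(app)
    response = middleware(_Request({"HTTP_HOST": f"203.0.113.10:{port}"}, browser_cookies))
    return seen["key"], {name: m.value for name, m in response.cookies.items()}


if __name__ == "__main__":
    print(simulate(81, {}))                                        # new session for site1
    print(simulate(84, {"sessionid_81": "site1key"}))              # site1's cookie ignored on site2
    print(simulate(84, {"sessionid_81": "site1key", "sessionid_84": "site2key"}))
```

Distinct cookie names only keep the two sessions from overwriting each other; because cookie scope has no notion of port, the browser still sends both sites' cookies to both ports on every request, and either application could read the other's session key. For a real isolation boundary between the sites, give them different host names instead of different ports.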