Opened 4 years ago

Closed 4 years ago

#16879 closed Bug (invalid)

request.user does not synchronize using SET_SESSION_COOKIE

Reported by: Wim Feijen <wim@…> Owned by: nobody
Component: contrib.auth Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no



I have two sites running, on which I want to share request.user: meaning that if someone logs in to one site, he is automatically logged in to the other, and vice-versa.

I'm using
SESSION_COOKIE_DOMAIN = '' in both projects.

If I inspect the session data, both websites use the same session, having a shared cookie where
'sessionid': '28a1fa5874533465c0ff2889d4a.....'

But if I successfully log in to one site, then I remain anonymous on the other site. :(

I believe this to be a bug. Can some-one please confirm this? Or did I misunderstand the documentation?

Change History (2)

comment:1 Changed 4 years ago by Wim Feijen <wim@…>

  • Component changed from Uncategorized to contrib.auth
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Type changed from Uncategorized to Bug

comment:2 Changed 4 years ago by aaugustin

  • Resolution set to invalid
  • Status changed from new to closed

The identifier of the session is the same on both sites but the contents of the session is different. On one site, the session contains some information that says that the user is logged in. On the other it doesn't.

So this isn't a bug in Django.

I don't know what's the best way to share authentication. You may have to write a custom authentication backend. If you want to discuss that, the django-users mailing list is a better place than Trac anyway. Thanks!

Note: See TracTickets for help on using tickets.
Back to Top