Add SESSION_COOKIE_PATH setting.
|Reported by:||Graham.Dumpleton@…||Owned by:||frej|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When using a pure Python web server executed from command line Python it is only possible to run one Django instance. This is because of how configuration settings module derived from os.environ value. If however using mod_python, more than one Django instance can be run by using the PythonInterpreter directive of mod_python to force them to be run in different Python sub interpreters.
If these two Django instances are running in distinct virtual hosts then all will be fine. If however the two Django instances are running at different URL mount points within the same virtual host, problems will be encountered where each instance is making use of authenticated sessions, eg. admin interface, and they have different user/session databases.
The problem here is that each Django instance will attempt to use the same cookie name for tracking the session, thus the first Django instance to set it will win. When one now browses to the other Django instance it will think the session id is invalid and force the user to log in again.
The only way around this problem is to set the SESSION_COOKIE_NAME to be different for both Django instances.
Rather than change the name of the session cookie, the feature of cookies that allows them to be restricted to a specific URL within a site should probably be supported and that used instead as that is a more standard way of solving this problem. It would also reduce the amount of cookie information having to be sent with a request as only the cookie value for the Django instance being browsed would be sent, instead of all cookies for all Django instances within that virtual host.
Thus, a new SESSION_COOKIE_PATH setting should possibly be supported. This would default if not defined to use '/' as the path so it applies to the whole virtual host, but could be overridden to restrict it to the context of a specific Django instance.
Change History (9)
comment:1 Changed 7 years ago by mtredinnick
- Component changed from Uncategorized to HTTP handling
- Needs documentation unset
- Needs tests unset
- Owner changed from jacob to mtredinnick
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted