int*_*tar 21 django django-sessions
在Django中,我将SESSION_COOKIE_DOMAIN设置为我的域名.但我实际上想用两个不同的域名运行同一个站点.
设置SESSION_COOKIE_DOMAIN后,只有指定的域允许用户登录.是否可以允许两个域登录?
Mik*_*keN 30
如果您将会话cookie域设置为以"."开头.它将允许您处理通配符子域并跨多个子域共享会话cookie(登录会话).
In settings.py: SESSION_COOKIE_DOMAIN=".stackoverflow.com"
以上内容允许在user1.stackoverflow.com和user2.stackoverflow.com之间共享cookie.
如果您确实希望同一站点的URL不同,您是否希望同一用户在一个登录会话中在两个站点之间切换?或者你只是希望能够让两个不同的用户从两个不同的URL(不是子域?)登录到该站点.
标准SessionMiddleware仅支持一个SESSION_COOKIE_DOMAIN,它仅适用于一个域及其子域.
这是一个变体,它将根据请求主机动态设置cookie域.要使用它,只需更新MIDDLEWARE_CLASSES即可使用这一个SessionHostDomainMiddleware,而不是SessionMiddleware.这更好,@ jcdyer和@interstar?
import time
from django.conf import settings
from django.utils.cache import patch_vary_headers
from django.utils.http import cookie_date
from django.contrib.sessions.middleware import SessionMiddleware
class SessionHostDomainMiddleware(SessionMiddleware):
def process_response(self, request, response):
"""
If request.session was modified, or if the configuration is to save the
session every time, save the changes and set a session cookie.
"""
try:
accessed = request.session.accessed
modified = request.session.modified
except AttributeError:
pass
else:
if accessed:
patch_vary_headers(response, ('Cookie',))
if modified or settings.SESSION_SAVE_EVERY_REQUEST:
if request.session.get_expire_at_browser_close():
max_age = None
expires = None
else:
max_age = request.session.get_expiry_age()
expires_time = time.time() + max_age
expires = cookie_date(expires_time)
# Save the session data and refresh the client cookie.
# Skip session save for 500 responses, refs #3881.
if response.status_code != 500:
request.session.save()
host = request.get_host().split(':')[0]
response.set_cookie(settings.SESSION_COOKIE_NAME,
request.session.session_key, max_age=max_age,
expires=expires, domain=host,
path=settings.SESSION_COOKIE_PATH,
secure=settings.SESSION_COOKIE_SECURE or None,
httponly=settings.SESSION_COOKIE_HTTPONLY or None)
return response
| 归档时间: |
|
| 查看次数: |
21419 次 |
| 最近记录: |