tags:

views:

381

answers:

3
+1  Q: 

(Django) Sharing authentication across two sites that are on different domains

I have two sites say foo.com and bar.com and are both Django based. Primary registration occurs on foo.com (I'd like the main user db to be here) and I'd like for three things to happen:

1) User that logs in to foo.com is automatically able to access bar.com without logging in again

2) User that logs in to bar.com directly is authenticated against foo.com user db.

3) There is no need for a user to register at bar.com directly.

How can I achieve this? If it greatly simplifies things I can make bar.com a subdomain of foo.com (eg. bar.foo.com) but they must be separate sites.

+1  A: 

Your 3rd requirement could easily be solved by sharing the same database between the two sites (therefore having the same Users table.

The 1st requirement is tricky because of cross domain issues (the session cookie will not be shared).

What you are really looking for is a Single Sign On (SSO). You might consider django-openid.

John Paulett  2009-10-17 07:02:04
#2 can be done a couple of ways: direct access to the other database, or by using a server<=>server chat.As John said, #1 is the main problem.
Peter Rowell  2009-10-17 15:09:49
A: 

I think what you are looking for is the SESSION_COOKIE_DOMAIN setting. You would set it like this:

SESSION_COOKIE_DOMAIN = 'foo.com'

See http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-domain for more information on that. This does assume that both applications are using the same session storage backend.

pcardune  2009-10-17 07:13:48
A: 

It depends on your requirements. If you're able to, the simple solution is to simply host both sites on one Django instance. In other words, your Django project hosts both sites but you have a url rewrite rule that maps foo.com to http://localhost/foo/ and bar.com to http://localhost/bar/. Django's auth system will "just work" under this scenario. Rewrite rules can of course also apply to subdomains; I've built a system that hosts hundreds of subdomains using this technique.

If this isn't an option, sharing databases between your Django instances and setting SESSION_COOKIE_DOMAIN, as mentioned by others, should work.

Daniel  2009-10-17 08:47:06
Um, why the down vote? This is a perfectly natural way to handle subdomains or domains that all share the same data.
Daniel  2009-10-18 01:37:07

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django