I have example.com and support.example.com. If a user is logged in on the main site, I'd like to have the session be accessible from the support site.

Setting the SESSION_COOKIE_DOMAIN to '.example.com' isn't what I want because I have many, many other subdomains with django apps that I would like to NOT have access to the session.

Currently my only conceivable workaround involves tricky redirects, which I'd like to avoid if necessary.

Is there any way to do this?

+2  A: 

I recently saw a similar question: http://stackoverflow.com/questions/556907/how-to-get-distinct-django-apps-on-same-subdomain-to-share-session-cookie

There it was recommended to have separate sessions but a single sign-on using django-cas (you only log in to one of the sites).

Carles Barrobés
I think single-sign-on is your best bet.
Mike Scott
+2  A: 

You could write your own SessionMiddleware to set and retrieve the cookies based on domains.

Basically you'd want to copy the existing SessionMiddleware class. In the process_request function, look at the domain and retrieve the correct cookie to set up the SessionStore. In process_response you'll want to write the cookies for both subdomains. In your settings you'll delete the existing SessionMiddleware class and replace it with your own.

This is just off the top of my head, so don't hate me if it doesn't work. Best of luck, and please post your findings for future readers.

sdolan
A: 

I don't know Django, but is it possible for you to set 2 cookies instead of 1? See, a cookie is sent only if the cookie domain matches the URL domain, correct? If you want to have the same session on 2 different domains you could set 2 cookies with the same value and different domains. In this case .example.com and support.example.com. So you will receive this cookie only when accessing one of those.

Plínio Pantaleão
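
Added example (not from the question or any of the answers above): a simplified, standard-library model of the RFC 6265 rules a browser applies when storing and sending cookies, run against the Domain choices discussed on this page. The host other.example.com is a constructed stand-in for the subdomains that must not see the session; public-suffix and IP-address checks are omitted.

```python
from typing import List, Optional, Tuple

Cookie = Optional[Tuple[str, bool]]  # (domain, host_only), or None if rejected


def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 s5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")  # leading dot is ignored
    return host == cookie_domain or host.endswith("." + cookie_domain)


def store_cookie(setting_host: str, domain_attr: Optional[str]) -> Cookie:
    """Model how a browser stores a cookie set by a response from setting_host."""
    if domain_attr is None:
        # No Domain attribute (Django's default SESSION_COOKIE_DOMAIN = None):
        # the cookie is host-only and bound to the exact setting host.
        return (setting_host.lower(), True)
    if not domain_match(setting_host, domain_attr):
        # RFC 6265 s5.3: the setting host must domain-match the attribute,
        # so a parent host cannot set a cookie scoped to one of its subdomains.
        return None
    return (domain_attr.lower().lstrip("."), False)


def is_sent(cookie: Cookie, request_host: str) -> bool:
    """Would the stored cookie be attached to a request for request_host?"""
    if cookie is None:
        return False
    domain, host_only = cookie
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)


def receivers(setting_host: str, domain_attr: Optional[str],
              hosts: List[str]) -> List[str]:
    """Hosts from `hosts` that would receive the cookie."""
    cookie = store_cookie(setting_host, domain_attr)
    return [h for h in hosts if is_sent(cookie, h)]


# Constructed host list: the two sites from the question plus one sibling.
HOSTS = ["example.com", "support.example.com", "other.example.com"]

if __name__ == "__main__":
    for setter, attr in [("example.com", ".example.com"),
                         ("example.com", None),
                         ("example.com", "support.example.com"),
                         ("support.example.com", "support.example.com")]:
        print(f"set by {setter}, Domain={attr!r}: {receivers(setter, attr, HOSTS)}")
```
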