Django sessions and cookie - and many domains

Question

In Django's settings I can specify the domain that is used for session's cookie - like it is stated here. It's quite useful for me, as I have subdomains defined that should share the cookies with master domain - so I define the SESSION_COOKIE_DOMAIN = '.domain.com'.

What I bumped into now is the requirement to serve many domains - like domain1.com and domain2.com - and they should share the same session/cookie data.

I think I can do it in one of 2 ways: One would be to start 2 instances of the application, where one would be responsible for serving one domain and other one for serving second one.

Or maybe it's a way to set 2 cookies for both domains at once?

Answer 1

I am not sure if this solution works or it is practical... It is untested, but you might wish to give it a try...

For login, redirect users to the same page... If login action is successfull, post your both sites the session information (you can try this). and each site have a url conf that redirect the incoming post data to a view which sets this data to session, or may be you can try to log them in in that view.

As i said it does not seem to be practical, and must be tested for such security vulnerabilities.