I currently manage a website, coded in Django, that has 2 standard areas - the frontend and backoffice (which is built using Django's admin interface).
Recently the customer claimed he wanted 2 different authentications - one for frontend users and another one - for people managing the backoffice.
Until now they both used standard django.contrib.auth authentication.
I know I could make the customer just use different users (and, maybe, disallow the "backoffice" users from logging into the frontend part) but - they want more changes, like: session inactivity on the admin side shortened to a few minutes (while on the frontend - to keep it like forever).
Is it possible to define parts of a Django site to use different authentication? With different cookies, etc?
Or should I use a different domain for the backoffice, like having the frontend on site.com and the admin on admin.site.com, then have both run as 2 different applications, using different settings for cookies, etc?
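One way to get the shorter admin inactivity limit described in the question while keeping a single django.contrib.auth setup, shown as an added example that is not part of the original post. The `/admin/` prefix, the five-minute limit, the session key name and the injectable `clock` parameter are assumptions made for illustration.

```python
import time

ADMIN_PREFIX = "/admin/"            # assumed URL prefix of the backoffice
ADMIN_IDLE_SECONDS = 5 * 60         # assumed value for "a few minutes"
LAST_SEEN_KEY = "_admin_last_seen"  # hypothetical session key


class AdminIdleTimeoutMiddleware:
    """Django-style middleware that expires idle sessions on admin URLs only.

    List it directly after SessionMiddleware in MIDDLEWARE so that
    request.session exists and request.user has not been evaluated yet.
    Frontend requests pass through untouched, so they keep the lifetime
    configured by SESSION_COOKIE_AGE.
    """

    def __init__(self, get_response, clock=time.time):
        self.get_response = get_response
        self.clock = clock  # injectable so the timeout can be tested

    def __call__(self, request):
        if request.path.startswith(ADMIN_PREFIX):
            now = self.clock()
            last_seen = request.session.get(LAST_SEEN_KEY)
            if last_seen is not None and now - last_seen > ADMIN_IDLE_SECONDS:
                # Drop all session data (including the auth keys) and rotate
                # the session key; the admin's own login check then sends
                # the now-anonymous user to the login page.
                request.session.flush()
            # Record this admin request as the latest activity.
            request.session[LAST_SEEN_KEY] = now
        return self.get_response(request)
```

Because both areas share one session cookie here, an expired admin session also logs the same user out of the frontend. SESSION_COOKIE_NAME and SESSION_COOKIE_AGE are project-wide settings, so fully separate cookies need two deployments with their own settings modules, as the last option in the question describes.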