(Django) Sharing authentication across two sites that are on different domains

StackOverflow https://stackoverflow.com/questions/1581602

  •  21-09-2019
  •  | 
  •  

Question

I have two sites say foo.com and bar.com and are both Django based. Primary registration occurs on foo.com (I'd like the main user db to be here) and I'd like for three things to happen:

1) User that logs in to foo.com is automatically able to access bar.com without logging in again

2) User that logs in to bar.com directly is authenticated against foo.com user db.

3) There is no need for a user to register at bar.com directly.

How can I achieve this? If it greatly simplifies things I can make bar.com a subdomain of foo.com (eg. bar.foo.com) but they must be separate sites.

Was it helpful?

Solution

Your 3rd requirement could easily be solved by sharing the same database between the two sites (therefore having the same Users table.

The 1st requirement is tricky because of cross domain issues (the session cookie will not be shared).

What you are really looking for is a Single Sign On (SSO). You might consider django-openid.

OTHER TIPS

It depends on your requirements. If you're able to, the simple solution is to simply host both sites on one Django instance. In other words, your Django project hosts both sites but you have a url rewrite rule that maps foo.com to http://localhost/foo/ and bar.com to http://localhost/bar/. Django's auth system will "just work" under this scenario. Rewrite rules can of course also apply to subdomains; I've built a system that hosts hundreds of subdomains using this technique.

If this isn't an option, sharing databases between your Django instances and setting SESSION_COOKIE_DOMAIN, as mentioned by others, should work.

I had a very similar problem but OpenID was not a viable solution for me. With the advent of multiple databases in django >1.2, it is now pretty easy to share session and login data across sites. This blog post does a great job of explaining how to get it set up. Hopefully others find this as useful as I did.

I think what you are looking for is the SESSION_COOKIE_DOMAIN setting. You would set it like this:

SESSION_COOKIE_DOMAIN = 'foo.com'

See http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-domain for more information on that. This does assume that both applications are using the same session storage backend.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top