[Fixed]-Multiple Django apps, shared authentication

3👍

As you said, the two sites can have the same authentication data by sharing the database or syncing the Users table between their respective databases.

This will ensure any user of site1.com will automatically become a member of site2.com and vice versa.

But your requirement of: any user who logs into site1.com should get automatically logged in to site2.com is a bit tricky. What you really need is Single Sign On (SSO).

It can’t be achieved by merely sharing the database (including session data) because site2.com can never gain access to a cookie set by site1.com on the browser, due to cross-domain restrictions.

There are many SSO solutions using Django. Have a look at this SO question. Though I have never used it, Django-openid seems a good option.

21👍

The marked answer is correct based on the initial question of using different sites.

Here is the answer for different subdomains, e.g. www.site.com and shop.site.com.

Use the shared database authentication as described in the question. And then, in both settings.py:

```python
SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"
SESSION_COOKIE_DOMAIN = '.site.com'  # notice the leading period
SESSION_COOKIE_NAME = 'my_cookie'
SECRET_KEY = ""  # must be the same in both settings.py
```

There might be some issue about what happens if you have other subdomains that should NOT share this information. Or, maybe not, if you give their cookies different names??

Not sure if this can work on localhost.
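As an added illustration (not code from any of the answers), here is a minimal model of what the signed-cookie setup above relies on: the session cookie carries its own payload plus an HMAC keyed on SECRET_KEY, so www.site.com and shop.site.com accept each other's sessions only when their keys match, and the Domain=.site.com scoping decides which hosts the browser sends the cookie to. The signing format is simplified and is not Django's exact wire format; the secrets are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# Constructed placeholder secrets, not real keys.
SECRET_WWW = "shared-secret-for-www-and-shop"
SECRET_SHOP = "shared-secret-for-www-and-shop"  # identical on purpose
SECRET_UNRELATED = "a-different-secret"          # e.g. an app that must NOT share sessions


def sign_session(session_data, secret_key):
    """Encode a session dict as '<base64 payload>.<hex HMAC-SHA256>' under secret_key."""
    payload = base64.urlsafe_b64encode(
        json.dumps(session_data, sort_keys=True).encode()
    ).decode()
    sig = hmac.new(secret_key.encode(), payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def load_session(cookie_value, secret_key):
    """Return the session dict if the HMAC verifies under secret_key, else None.

    A None result is what a second site sees when its SECRET_KEY differs from the
    issuing site's, or when the cookie was tampered with in transit.
    """
    try:
        payload, sig = cookie_value.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(secret_key.encode(), payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def cookie_sent_to(cookie_domain, request_host):
    """Browser rule for SESSION_COOKIE_DOMAIN: '.site.com' matches site.com and
    every subdomain, but never an unrelated host such as site2.com."""
    domain = cookie_domain.lstrip(".").lower()
    host = request_host.lower()
    return host == domain or host.endswith("." + domain)
```

Because every host that holds SECRET_KEY can both read and mint these cookies, the worry about other subdomains in the answer is about key distribution: a subdomain that should not share sessions must not be given the same SECRET_KEY, regardless of the cookie name.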

0👍

You can use database routers for specifying which database should be used for auth backend.

Here I have given an example router below:

```python
class UserSessionRouter(object):
    # Apps whose tables live in the shared database used for authentication.
    SHARED_APPS = ('auth', 'accounts', 'sessions')

    def db_for_read(self, model, **hints):
        # Route reads of user, account and session models to the shared database.
        if model._meta.app_label in self.SHARED_APPS:
            return 'usersandsessions'
        return None

    def db_for_write(self, model, **hints):
        # Writes go to the same shared database so both sites see the same users.
        if model._meta.app_label in self.SHARED_APPS:
            return 'usersandsessions'
        return None
```

Then specify the router using the DATABASE_ROUTERS database setting and SESSION_COOKIE_DOMAIN as given below:

```python
DATABASE_ROUTERS = ['site2.routers.UserSessionRouter']
SESSION_COOKIE_DOMAIN = 'site1.com'
```
👤arulmr

0👍

As Sudipta mentioned, openid is one way to accomplish SSO.

Another way is to use SAML directly (there are some tools out there for this), or a hosted service like Stormpath (https://stormpath.com) which does SSO stuff for you, and provides direct support for Django’s auth system: https://github.com/stormpath/stormpath-django

I work at Stormpath, so pretty biased, but figured I’d chime in as there’s quite a lot of confusion around regarding SSO + Django solutions.
