Django admin - re-authentication?

Right now, I'm in a bit of a dilemma regarding the Django admin backend. The default authentication system allows already registered users with access rights into the admin site, but simply lets them in directly.

This does not seem “right” to me, and I wonder if it will be difficult to at least require re-authentication of the same session in order to get into the backend.

Preferably, however, it would be nice if the front-end sessions could be separated from the inside (albeit using the same user objects); this would ensure a clean separation of both parts of the site. Perhaps this will require two separate authentication servers? Is it hard to do this?

+5
2 answers

Here is an idea: run the admin application in another domain with an interface. Cookies will not be valid in another domain, so the user will have to log in again. All you need is a separate Apache vhost and the basic settings.py parameter that it has contrib.admin in INSTALLED_APPS.

+7
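
The answer above depends on the browser not sending the frontend's session cookie to the admin host. As an added example (not part of the original answer), this sketch applies RFC 6265 domain matching to Django's SESSION_COOKIE_DOMAIN and SESSION_COOKIE_NAME settings to check that; the hostnames are constructed, and both sites are assumed to share one session store.

```python
# Added example: would a frontend session cookie reach the admin host?
# Hostnames are constructed; the setting names are Django's own.

def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain matching (IP-address hosts not handled)."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def cookie_sent_to(request_host, set_by_host, cookie_domain=None):
    """Would a cookie set by set_by_host be sent with a request to request_host?"""
    if cookie_domain is None:
        # Host-only cookie (Django's default): returned to the exact host only.
        return request_host.lower() == set_by_host.lower()
    # A browser rejects a Domain attribute that the setting host does not match.
    if not domain_match(set_by_host, cookie_domain):
        return False
    return domain_match(request_host, cookie_domain)


def admin_needs_fresh_login(frontend, admin):
    """frontend/admin: dicts with 'host', 'SESSION_COOKIE_DOMAIN', 'SESSION_COOKIE_NAME'."""
    shared = cookie_sent_to(admin["host"], frontend["host"],
                            frontend["SESSION_COOKIE_DOMAIN"])
    same_name = frontend["SESSION_COOKIE_NAME"] == admin["SESSION_COOKIE_NAME"]
    # Assumption: one shared session store, so the frontend session is reused
    # when the cookie arrives AND the admin site reads a cookie of that name.
    return not (shared and same_name)


FRONT = {"host": "www.example.com", "SESSION_COOKIE_DOMAIN": None,
         "SESSION_COOKIE_NAME": "sessionid"}
ADMIN = {"host": "admin.example.com", "SESSION_COOKIE_DOMAIN": None,
         "SESSION_COOKIE_NAME": "sessionid"}
# Same layout, but the frontend shares its cookie across all subdomains.
FRONT_WIDE = dict(FRONT, SESSION_COOKIE_DOMAIN=".example.com")
# Admin vhost given its own cookie name as a second barrier.
ADMIN_RENAMED = dict(ADMIN, SESSION_COOKIE_NAME="admin_sessionid")

if __name__ == "__main__":
    for f, a in [(FRONT, ADMIN), (FRONT_WIDE, ADMIN), (FRONT_WIDE, ADMIN_RENAMED)]:
        print(f["SESSION_COOKIE_DOMAIN"], a["SESSION_COOKIE_NAME"],
              admin_needs_fresh_login(f, a))
```

With the admin on a subdomain, a frontend SESSION_COOKIE_DOMAIN covering the parent domain removes the separation unless the admin vhost uses its own SESSION_COOKIE_NAME.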

, , , . , . , . , is_admin_authenticated -.

+1
