I had a big problem with my sessions in a Django project.
The back-end server is hosted at .my-domain.org, and the back-end REST API is used from .front-end.com. In the future, other interfaces may appear on completely different domains.
How can I deal with this situation when I use the session framework provided by Django? It appears that SESSION_COOKIE_DOMAIN allows only one subdomain to set session cookies. As a result, if I want to be able to log in on .my-domain.org (i.e. SESSION_COOKIE_DOMAIN = None), then I cannot get the session cookie from .front-end.com when it calls the API endpoints. On the other hand, setting SESSION_COOKIE_DOMAIN to .front-end.com will prevent me from connecting to the site administrator. The situation is also affected by SESSION_COOKIE_PATH, of course ...
Any help is more than welcome. I am pretty sure that I am not the first to need a session authentication REST API accessible from external domains.
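An added example, not part of the original post and not Django code: a small model of the browser-side rules in RFC 6265 (domain matching, section 5.1.3, and cookie storage, section 5.3) applied to the three SESSION_COOKIE_DOMAIN values discussed in the question. The hostnames api.my-domain.org, admin.my-domain.org and app.front-end.com are constructed for illustration; public-suffix checks, SESSION_COOKIE_PATH and SameSite handling are not modelled.

```python
import ipaddress

def domain_match(host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().removeprefix(".")
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)      # IP literals never suffix-match
        return False
    except ValueError:
        return host.endswith("." + cookie_domain)

def store_cookie(response_host: str, domain_attr):
    """RFC 6265 5.3: return (domain, host_only) as stored, or None if rejected."""
    if not domain_attr:                 # SESSION_COOKIE_DOMAIN = None: no Domain attribute
        return (response_host.lower(), True)
    if not domain_match(response_host, domain_attr):
        return None                     # a server cannot set cookies for a foreign domain
    return (domain_attr.lower().removeprefix("."), False)

def sent_to(stored, request_host: str) -> bool:
    """Would the browser attach the stored cookie to a request to request_host?"""
    if stored is None:
        return False
    domain, host_only = stored
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)

# Constructed hostnames under the two domains named in the question.
API = "api.my-domain.org"               # host that serves the Set-Cookie response
HOSTS = [API, "admin.my-domain.org", "app.front-end.com"]

def report(session_cookie_domain):
    """Map each destination host to whether it would receive the session cookie."""
    stored = store_cookie(API, session_cookie_domain)
    return {h: sent_to(stored, h) for h in HOSTS}

if __name__ == "__main__":
    for setting in (None, ".my-domain.org", ".front-end.com"):
        print(repr(setting), report(setting))
```

The last case returns False for every host because the browser discards a cookie whose Domain attribute does not match the host that set it, which is consistent with the lost admin login described in the question.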