(Django) Sharing authentication across two sites that are on different domains

Question

I have two sites say foo.com and bar.com and are both Django based. Primary registration occurs on foo.com (I\'d like the main user db to be here) and I\'d like for three th

Answer 1

I had a very similar problem but OpenID was not a viable solution for me. With the advent of multiple databases in django >1.2, it is now pretty easy to share session and login data across sites. This blog post does a great job of explaining how to get it set up. Hopefully others find this as useful as I did.

Answer 2

Your 3rd requirement could easily be solved by sharing the same database between the two sites (therefore having the same Users table.

The 1st requirement is tricky because of cross domain issues (the session cookie will not be shared).

What you are really looking for is a Single Sign On (SSO). You might consider django-openid.

Answer 3

It depends on your requirements. If you're able to, the simple solution is to simply host both sites on one Django instance. In other words, your Django project hosts both sites but you have a url rewrite rule that maps foo.com to http://localhost/foo/ and bar.com to http://localhost/bar/. Django's auth system will "just work" under this scenario. Rewrite rules can of course also apply to subdomains; I've built a system that hosts hundreds of subdomains using this technique.

If this isn't an option, sharing databases between your Django instances and setting SESSION_COOKIE_DOMAIN, as mentioned by others, should work.

Answer 4

I think what you are looking for is the SESSION_COOKIE_DOMAIN setting. You would set it like this:

SESSION_COOKIE_DOMAIN = 'foo.com'

See http://docs.djangoproject.com/en/dev/topics/http/sessions/#session-cookie-domain for more information on that. This does assume that both applications are using the same session storage backend.