I'd like to have different sessions for the Django admin interface and the applications themselves, to be able to log in as admin to the admin interface and as a standard user to the application.
Any ideas how to achieve that?
P.S. Sure, I can use 2 different web browser instances. Any other ways?
Django provides full support for anonymous sessions. The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis. It stores data on the server side and abstracts the sending and receiving of cookies.
Django admin allows access to users marked as is_staff=True. To prevent a user from accessing the admin, set is_staff=False. This holds true even if the user is a superuser (is_superuser=True).
The Django admin application can use your models to automatically build a site area that you can use to create, view, update, and delete records. This can save you a lot of time during development, making it very easy to test your models and get a feel for whether you have the right data.
Just wanted to encourage the usage of Bernhard Vallant's proposed solution. It takes 10 minutes to implement and test. Just grab the SessionMiddleware implementation, make your own version of it that replaces settings.SESSION_COOKIE_NAME depending on whether the request path starts with the admin URL or not, and replace the django.contrib.sessions.middleware.SessionMiddleware middleware with your new one in your settings.py:

    import time

    from django.conf import settings  # required for the settings.* lookups below
    from django.utils.cache import patch_vary_headers
    from django.utils.http import cookie_date
    from django.utils.importlib import import_module


    class AdminCookieSessionMiddleware(object):

        def cookie_name(self, request):
            # Admin requests use their own session cookie; every other
            # request uses the default session cookie.
            if request.path.startswith(u'/admin'):
                return settings.ADMIN_SESSION_COOKIE_NAME
            return settings.SESSION_COOKIE_NAME

        def process_request(self, request):
            # Load the session whose key is stored in the cookie selected
            # for this request path.
            engine = import_module(settings.SESSION_ENGINE)
            session_key = request.COOKIES.get(self.cookie_name(request), None)
            request.session = engine.SessionStore(session_key)

        def process_response(self, request, response):
            """
            If request.session was modified, or if the configuration is to save the
            session every time, save the changes and set a session cookie.
            """
            try:
                accessed = request.session.accessed
                modified = request.session.modified
            except AttributeError:
                pass
            else:
                if accessed:
                    patch_vary_headers(response, ('Cookie',))
                if modified or settings.SESSION_SAVE_EVERY_REQUEST:
                    if request.session.get_expire_at_browser_close():
                        max_age = None
                        expires = None
                    else:
                        max_age = request.session.get_expiry_age()
                        expires_time = time.time() + max_age
                        expires = cookie_date(expires_time)
                    # Save the session data and refresh the client cookie.
                    # Skip session save for 500 responses, refs #3881.
                    if response.status_code != 500:
                        request.session.save()
                        response.set_cookie(self.cookie_name(request),
                                request.session.session_key, max_age=max_age,
                                expires=expires, domain=settings.SESSION_COOKIE_DOMAIN,
                                path=settings.SESSION_COOKIE_PATH,
                                secure=settings.SESSION_COOKIE_SECURE or None,
                                httponly=settings.SESSION_COOKIE_HTTPONLY or None)
            return response

and in settings.py:

    MIDDLEWARE_CLASSES = (
        ...
        #'django.contrib.sessions.middleware.SessionMiddleware',
        'path.to.your.AdminCookieSessionMiddleware',
        ...
    )
    ADMIN_SESSION_COOKIE_NAME = 'somethingDifferentThanSESSION_COOKIE_NAME'

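The cookie selection described in the answer above, as an added stdlib-only example that is not part of the original answer and does not use Django. It matches the admin prefix on a path-segment boundary and scopes the admin cookie to that path so it is not sent with application requests. The cookie names, `ADMIN_PREFIX`, and all function names are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

# Assumed values for illustration (not taken from the page).
SESSION_COOKIE_NAME = "sessionid"
ADMIN_SESSION_COOKIE_NAME = "admin_sessionid"
ADMIN_PREFIX = "/admin"


def is_admin_path(path):
    """True for /admin itself or anything below it, but not /administrator."""
    return path == ADMIN_PREFIX or path.startswith(ADMIN_PREFIX + "/")


def cookie_name(path):
    """Name of the session cookie that belongs to this request path."""
    return ADMIN_SESSION_COOKIE_NAME if is_admin_path(path) else SESSION_COOKIE_NAME


def read_session_key(path, cookie_header):
    """Session key the middleware would load for this request, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(cookie_name(path))
    return morsel.value if morsel else None


def build_set_cookie(path, session_key):
    """Set-Cookie value for the session tied to this request path."""
    name = cookie_name(path)
    jar = SimpleCookie()
    jar[name] = session_key
    # The admin cookie is only sent back for admin URLs.
    jar[name]["path"] = ADMIN_PREFIX if is_admin_path(path) else "/"
    jar[name]["httponly"] = True
    jar[name]["secure"] = True
    jar[name]["samesite"] = "Lax"
    return jar[name].OutputString()


if __name__ == "__main__":
    # Constructed Cookie header: one browser holding both sessions at once.
    header = "sessionid=user123; admin_sessionid=adm456"
    for p in ("/admin/auth/user/", "/shop/cart", "/administrator"):
        print(p, cookie_name(p), read_session_key(p, header))
    print(build_set_cookie("/admin/login/", "adm456"))
```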
The way I have solved this in the past is to have 2 different URLs: www.example.com and admin.example.com. As the sessions are stored in cookies, and cookies are domain-specific, you can use both at the same time.