 

Django Sessions getting dropped when redirected from another domain

Tags: django, oauth

When a user visits my domain, a sessionid is issued by Django. When he tries to do OAuth with Facebook, he clicks a button on my site which redirects to Facebook.com. Facebook redirects back to my domain, but at this point the user's session is lost and Django seems to be issuing a new session variable.

I want the dropped session to persist because I must associate the visitor to my site with his Facebook account, but when the session is dropped, the logged-in user is logged out.

I have a suspicion that this may be behavior related to Django's XSS protection. How do I make the user information persist when the user leaves our site to log in at Facebook?

Mark asked Sep 02 '10 15:09




1 Answer

You might want to confirm that the cookies have the same domain when being created. That can sometimes cause problems. If you are going to the website www.example.com and the OAuth callback points to example.com, then it's possible you have two separate cookies, one for www.example.com and one for example.com.

Turn on "Always Ask" on your browser and pay attention to the cookie details. Make sure that the value for the "Host:" field is the same both times.

The fix is entering something like .example.com for SESSION_COOKIE_DOMAIN in your settings.py file.

Jordan Reiter answered Oct 06 '22 14:10
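The www-versus-apex mismatch the answer describes, and the SESSION_COOKIE_DOMAIN fix, modelled as an added example (not code from the question, the answer, or Django itself): it applies RFC 6265 cookie domain matching to a sessionid issued on one host and reports whether the browser would send it back on the OAuth callback host. Hostnames are constructed.

```python
# Added example: models how a browser decides whether to send Django's
# sessionid cookie, following RFC 6265 domain matching, so the www/apex
# session drop and the SESSION_COOKIE_DOMAIN fix can be checked offline.
# Hostnames below are constructed examples.
from typing import Optional


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 s5.1.3: the host is the cookie domain or a subdomain of it."""
    request_host = request_host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    if request_host == cookie_domain:
        return True
    # Suffix match on a label boundary: "evil-example.com" must not match.
    return request_host.endswith("." + cookie_domain)


def set_session_cookie(set_on_host: str, session_cookie_domain: Optional[str]) -> dict:
    """Mimic the cookie attributes Django's session middleware emits.

    SESSION_COOKIE_DOMAIN=None (the default) yields a host-only cookie bound
    to exactly the host that set it; ".example.com" yields a domain cookie
    that every host under example.com receives.
    """
    if session_cookie_domain is None:
        return {"host_only": True, "domain": set_on_host.lower()}
    return {"host_only": False, "domain": session_cookie_domain.lower().lstrip(".")}


def cookie_is_sent(cookie: dict, request_host: str) -> bool:
    """RFC 6265 s5.4: host-only cookies need an exact host match,
    domain cookies need a domain match."""
    if cookie["host_only"]:
        return request_host.lower() == cookie["domain"]
    return domain_matches(request_host, cookie["domain"])


def session_survives_oauth(session_cookie_domain: Optional[str],
                           login_host: str = "www.example.com",
                           callback_host: str = "example.com") -> bool:
    """Does the sessionid issued on login_host reach the OAuth callback host?"""
    cookie = set_session_cookie(login_host, session_cookie_domain)
    return cookie_is_sent(cookie, callback_host)


if __name__ == "__main__":
    print("default setting:", session_survives_oauth(None))            # False
    print("SESSION_COOKIE_DOMAIN=.example.com:",
          session_survives_oauth(".example.com"))                     # True
```

A domain cookie for .example.com is presented to every host under that suffix, so the session cookie then reaches any subdomain; keep the scope as narrow as the callback URL allows, or make the callback use the same host that issued the session.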