python - How to get distinct Django apps on same subdomain to share session cookie?

Question

We have a couple of Django applications deployed on the same subdomain. A few power users need to jump between these applications. I noticed that each time they bounce between applications their session cookie receives a new session ID from Django.

I don't use the Django session table much except in one complex workflow. If the user bounces between applications while in this workflow they lose their session and have to start over.

I dug through the Django session code and discovered that the:

django.conf.settings.SECRET_KEY

is used to perform an integrity check on the sessions on each request. If the integrity check fails, a new session is created. Realizing this, I changed the secret key in each of these applications to use the same value, thinking this would allow the integrity check to pass and allow them to share Django sessions. However, it didn't seem to work.

Is there a way to do this? Am I missing something else?

Thanks in advance

Answer 1

I would instead advise you to set SESSION_COOKIE_NAME to different values for the two apps. Your users will still have to log in twice initially, but their sessions won't conflict - if they log in to app A, then app B, and return to A, they'll still have their A session.

Sharing sessions between Django instances is probably not a good idea. If you want some kind of single-sign-on, look into something like django-cas. You'll still have 2 sessions (as you should), but the user will only log in once.