Federated Login on Google App Engine (both Java and Python) does not transition across application versions. CreateLoginURL ignores attributes such as openid.realm (which would allow me to set a wildcard on the domain). A version’s sub-domain results in a different session than the main application (or a different version’s session). Is this a flaw in Google’s session tracking? Or is this a flaw in the Federated login? Or am I doing something wrong (or not doing something right)?
It sounds like I need to handle sessions and OpenID interactions myself to overcome this limitation, but I wanted to ping the Stack Overflow folks before I reinvented the wheel.
Examples in Python or Java are welcome.
Default GAE sessions are based on cookies (in GAE production it's named ACSID or SACSID), which are NOT subdomain cookies.
About subdomain cookies: https://serverfault.com/questions/153409/can-subdomain-example-com-set-a-cookie-that-can-be-read-by-example-com
To make this work you should write your own custom session handler.
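
A sketch of the custom session handler the answer suggests, as an added example that is not part of the original answer: it issues an HMAC-signed session cookie with an explicit `Domain` attribute so every version subdomain receives it, and rejects forged or expired values. The cookie name, key and `myapp.example.com` are assumptions; the user id would come from your own OpenID verification step.

```python
import base64, hashlib, hmac, json, time
from http.cookies import SimpleCookie

# Assumptions (not from the original post): names, key and domain are placeholders.
SECRET = b"constructed-demo-key"        # load a random key from app config in practice
COOKIE_NAME = "app_session"             # hypothetical cookie name
PARENT_DOMAIN = "myapp.example.com"     # parent host that all version subdomains share
MAX_AGE = 3600                          # session lifetime in seconds

def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def issue_cookie(user_id, now=None):
    """Build a Set-Cookie value for a signed session scoped to the parent domain."""
    exp = int((time.time() if now is None else now) + MAX_AGE)
    body = json.dumps({"uid": user_id, "exp": exp}).encode()
    payload = base64.urlsafe_b64encode(body).rstrip(b"=")
    jar = SimpleCookie()
    jar[COOKIE_NAME] = payload.decode() + "." + _sign(payload)
    morsel = jar[COOKIE_NAME]
    morsel["domain"] = PARENT_DOMAIN    # the attribute that makes it a subdomain cookie
    morsel["path"] = "/"
    morsel["max-age"] = MAX_AGE
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"
    return morsel.OutputString()

def read_cookie(cookie_header, now=None):
    """Return the user id from a Cookie header, or None if absent, forged or expired."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if COOKIE_NAME not in jar:
        return None
    payload, sep, sig = jar[COOKIE_NAME].value.rpartition(".")
    expected = _sign(payload.encode())
    if not sep or not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                     # signature mismatch: reject before decoding
    try:
        padded = payload + "=" * (-len(payload) % 4)
        data = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return None
    if data.get("exp", 0) < (time.time() if now is None else now):
        return None
    return data.get("uid")
```

A cookie with a `Domain` attribute is sent to every host under that domain, so each deployed version must be trusted with the session; browsers also refuse a `Domain` value that is a public suffix.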