We have a couple of Django applications deployed on the same subdomain. A few power users need to jump between these applications. I noticed that each time they bounce between applications their session cookie receives a new session ID from Django.
I don’t use the Django session table much except in one complex workflow. If the user bounces between applications while in this workflow they lose their session and have to start over.
I dug through the Django session code and discovered that the:
django.conf.settings.SECRET_KEY
is used to perform an integrity check on the sessions on each request. If the integrity check fails, a new session is created. Realizing this, I changed the secret key in each of these applications to use the same value, thinking this would allow the integrity check to pass and allow them to share Django sessions. However, it didn’t seem to work.
Is there a way to do this? Am I missing something else?
Thanks in advance
I would instead advise you to set
SESSION_COOKIE_NAMEto different values for the two apps. Your users will still have to log in twice initially, but their sessions won’t conflict – if they log in to app A, then app B, and return to A, they’ll still have their A session.Sharing sessions between Django instances is probably not a good idea. If you want some kind of single-sign-on, look into something like django-cas. You’ll still have 2 sessions (as you should), but the user will only log in once.