Feature Idea: Allow setting session cookie name dynamically

[Dan Strokirk]

Hi,

Currently it's only possible to use a single session cookie, but it can be useful in a multi-tenant application to use multiple session cookies. To solve this we currently use our own, slightly modified SessionMiddleware class that we keep in sync with the official implementation and re-apply the patch during each Django upgrade.

Proposal: Adding a new get_cookie_name or get_cookie_params method to the SessionMiddleware class might be one way to implement this, which means that you can then then use your own subclassed middleware to easily override it. It would take the request and response objects as arguments.

If this seems like a reasonable feature to add I'd be glad to supply a patch.

(I've previously submitted a WONTFIX ticket for this, perhaps a little over-eager :) https://code.djangoproject.com/ticket/33760)

Best regards,

Dan

[Carlton Gibson]

Hey Dan. 

Thanks for following up here. 

Just to recap, my reasoning on the ticket was that it's quite a niche use-case. For me, just use the custom SessionMiddleware, or put that in a third-party package for multi-tenancy folks to maintain together. (Or so would be my opening thought... -- interested to see others' thoughts.)

Kind regards, 

Carlton 

Aside: Searching, there are lots of disparate resources for multi-tenant deploys; slightly orthogonal to your exact suggestion here, I imagine there's good work to be done corralling the interested parties and patterns. Maybe one of the existing resources already does this... 🤔

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/879fbda1-c8f6-4995-a3d0-7b2cbe5bc282n%40googlegroups.com.

[Dan Strokirk]

Hi Carlton, thanks for the response.

An external package might be useful, although the code majority of the code would be the copied SessionMiddleware code and the tiny changes to allow a dynamic cookie name, so my thoughts is that this might be "too small" for a published pypi package?

But since I haven't found a similar request earlier on this mailing list or the issue tracker, it seems that it might be really niche, as you say!

Best regards,

Dan

[Maciek Olko]

Hi Dan and Carlton,

In my current company I am impacted by conflicting session cookie name. We have several internal tools built on Django, available in the internal network under the same top-level domain. The scope of session cookies apparently was set on more than one service to a wildcard. Majority of users use only one of services in day-to-day work, so it's not impacting a big number of people.

I personally would be +1 for exposing a method to easily and without copying much code one was able to change it.

I wonder if using a Django project code name as part of session cookie for new projects would have a potential to be considered as an accepted feature.

Kind regards,

Maciej

--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/01a91019-8d54-4322-a295-dbfdc12dfab9n%40googlegroups.com.

[Florian Apolloner]

Hi Maciej,

You can already customize the cookie name via a setting. What this request is asking is customization based on the request object which is not that common. Did you check that you configured your applications correctly to use different cookie names (https://docs.djangoproject.com/en/4.0/ref/settings/#session-cookie-name)?

> I wonder if using a Django project code name as part of session cookie for new projects would have a potential to be considered as an accepted feature.

has not been considered (as far as I know) and is something I'd be strongly against.

Cheers,

Florian

[Maciek Olko]

Ah, thank you for explaining. I missed the point and the existing setting, sorry.

Cheers,

Maciej

To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/08a438ff-9d7a-47e0-abe2-d68a7dd20935n%40googlegroups.com.