Hi Mike,

On Fri, Sep 30, 2016 at 06:00:30AM -0700, Stodge wrote:
> Thanks Michal,
>
> The two servers are on the same domain and use different databases. At the
> moment I'm using the default Django session backend.
>
> It's an experiment, nothing more really. I just wanted to see if I could
> make it work. I haven't really worked out the flow, but it's probably
> something like:
>
> - admin creates user account on A1, auto replicates it to S1
> - user U1 visits S1, not logged in
> - U1 redirected to A1 to generate auth token, not logged in
> - U1 logs into A1
> - U1 redirected back to S1 to accept authentication
> - S1 logs U1 in, creates session as normal
>
> So the user is logged into both. It's a fairly naive attempt at reinventing
> the wheel, but that's how we learn, right? :)

Sounds all right, at least from a higher-level point of view. So
basically, those two services are pretty much separate, just sharing a
domain. In this case, your problem should go away if you set a unique
SESSION_COOKIE_NAME for each of those sites.

It might be a different situation if those two sites were using a
shared database; then, the same session ID would be valid for both,
but since that's not the case here, they need to be separate.

Cheers,
Michal
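
A small model of why the shared cookie name matters, added here as an example and not part of either message. It assumes both sites' cookies land in the same browser cookie scope (same host, path /), uses a constructed domain, and the names a1_sessionid and s1_sessionid are hypothetical; each Site's cookie_name plays the role of Django's SESSION_COOKIE_NAME, whose default is sessionid.

```python
# Added illustration (not Django code): two sites on one domain, each with its
# own session store, talking to one browser cookie jar.
import secrets

DOMAIN = "example.test"  # constructed; both sites share it, as in the thread


class Site:
    """A site with its own session store (separate database), like A1 or S1."""

    def __init__(self, cookie_name):
        self.cookie_name = cookie_name  # stands in for SESSION_COOKIE_NAME
        self.sessions = {}              # session id -> username

    def login(self, jar, user):
        """Create a session and send it to the browser (Set-Cookie)."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        jar[(DOMAIN, self.cookie_name)] = sid  # same key overwrites the old value

    def current_user(self, jar):
        """Look up the cookie the browser sends; unknown ids mean anonymous."""
        sid = jar.get((DOMAIN, self.cookie_name))
        return self.sessions.get(sid)


def run_flow(a1_cookie, s1_cookie):
    """U1 logs into A1, then S1 creates its session; return who each site sees."""
    jar = {}  # assumption: browser cookies keyed by (domain, name), path "/"
    a1, s1 = Site(a1_cookie), Site(s1_cookie)
    a1.login(jar, "U1")
    s1.login(jar, "U1")
    return a1.current_user(jar), s1.current_user(jar)


if __name__ == "__main__":
    # Default name on both sites: S1's cookie replaces A1's, A1 sees no session.
    print("shared name :", run_flow("sessionid", "sessionid"))
    # Unique name per site: both cookies coexist and both sessions resolve.
    print("unique names:", run_flow("a1_sessionid", "s1_sessionid"))
```

With separate databases, the session ID that S1 stores in the shared cookie is unknown to A1, so A1 treats the user as logged out until the names differ.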