Sessions across multiple domains and subdomains

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Sessions across multiple domains and subdomains

Andrew Maizels

I have a blogging system up and running in CherryPy, and all is well.
Users get their own subdomains under, let's call it, cherryspace.com.
I set the session domain (tools.sessions.domain) to ".cherryspace.com"
and all is well.

But say I also have cherryspace.net.  I could add a separate instance
of my application on a different IP with a different config file, and
that would work too.  Not a big deal.

Now, I want to allow paying customers to use their own domains
(whatever.com) for blogs hosted on my system.   I can't set up a
separate instance for every paying customer.  Is there a
straightforward way to make the built-in sessions system work with
arbitrary domains?  Obviously then sessions won't be maintained across
domains (because the cookies won't work that way), but I can live with
that for now.

Any suggestions would be greatly appreciated!


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: Sessions across multiple domains and subdomains

Robert Brewer-4
Pixy Misa wrote:
> Now, I want to allow paying customers to use their
> own domains (whatever.com) for blogs hosted on my
> system.   I can't set up a separate instance for
> every paying customer.  Is there a straightforward
> way to make the built-in sessions system work with
> arbitrary domains?  Obviously then sessions won't
> be maintained across domains (because the cookies
> won't work that way), but I can live with that for
> now.

The simplest method I can think of would be to subclass
_cptools.SessionTool and override its _setup method.
There, before attaching the 'session.init' hook:

    hooks.attach(self._point, self.callable, priority=p, **conf)

...inspect cherrypy.request.headers['Host'] and use it
to set conf['domain'] to whatever you'd like. For example:


    host = cherrypy.request.headers['Host']
    host = host.rsplit(".", 2)
    if len(host) < 2 or host[-1] not in TLDs:
        pass
    else:
        conf['domain'] = "." + host[-2] + "." + host[-1]
   
    hooks.attach(self._point, self.callable, priority=p, **conf)

You'll probably want to do something other than pass if
the host doesn't end in one of the top-level domains [1]
(for example, it might be an IP address). Redirecting to
a canonical host name is common in that case.


Robert Brewer
[hidden email]

[1] http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---


winmail.dat (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Sessions across multiple domains and subdomains

Andrew Maizels
On 9/24/07, Robert Brewer <[hidden email]> wrote:

The simplest method I can think of would be to subclass
_cptools.SessionTool and override its _setup method.
There, before attaching the 'session.init' hook:

    hooks.attach(self._point, self.callable , priority=p, **conf)

...inspect cherrypy.request.headers['Host'] and use it
to set conf['domain'] to whatever you'd like. For example:


    host = cherrypy.request.headers['Host']
    host = host.rsplit(".", 2)
    if len(host) < 2 or host[-1] not in TLDs:
        pass
    else:
        conf['domain'] = "." + host[-2] + "." + host[-1]

    hooks.attach(self._point, self.callable, priority=p, **conf)

Thanks Robert, that makes sense.  I'll only have a handful of shared domains, and if it's not one of those the cookie will be specific to the user's domain, so TLDs as such won't be a problem.   I'll give it a whirl today.

Andrew

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply | Threaded
Open this post in threaded view
|

Re: Sessions across multiple domains and subdomains

Andrew Maizels
In reply to this post by Robert Brewer-4
Thanks again Robert, that works like a charm.

Andrew

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "cherrypy-users" group.
To post to this group, send email to [hidden email]
To unsubscribe from this group, send email to [hidden email]
For more options, visit this group at http://groups.google.com/group/cherrypy-users?hl=en
-~----------~----~----~----~------~----~------~--~---