0

I use Django 1.7 with Python 2.73. I set up Django on Windows Server 2008.

The code is just like this, nothing special: typing a username, saving the session, then jumping to another view.

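# Django imports these views need; LoginForm, ApplicaitionUser and UserInfo
# come from the project's own modules.
from django.contrib.auth import authenticate, login
from django.http import Http404, HttpResponse, HttpResponseRedirect
from django.template import RequestContext, loader


def login_user(request):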
    error = None
    if request.POST:
        form = LoginForm(request.POST)
        username = request.POST.get('username')
        password = request.POST.get('password')
        try:
            user = authenticate(username=username, password=password)
            print user
        except:
            raise Http404("Authentication failed")
        if user is not None:
            login(request, user)
            try:
                app_user = ApplicaitionUser.objects.using('xxx').filter(user_name=username).exclude(app_name='XXXX')
                app_user_list = list(app_user.values('user_name', 'app_name'))
                request.session['app_user_list'] = app_user_list
            except ApplicaitionUser.DoesNotExist:
                raise Http404("user does not exist")

            user_info = UserInfo.objects.filter(user_name=username)
            user_info_list = list(user_info.values('user_name', 'user_full_name', 'user_budget_centre', 'user_email'))
            request.session['user_info_list'] = user_info_list
            return HttpResponseRedirect('/index/')
        else:
            error = 'User name or password is wrong'
    else:
        user_info_list = request.session.get('user_info_list', None)
        if user_info_list is not None:
            return HttpResponseRedirect('/index/')
        else:
            form = LoginForm()
    tmp = loader.get_template("auth.html")
    cont = RequestContext(request, {'form': form, 'error': error})
    return HttpResponse(tmp.render(cont))


def index(request):
    try:
        app_user_list = request.session.get('app_user_list', None)
        user_info_list = request.session.get('user_info_list')
    except:
        raise Http404('Database is down')
    else:
        if user_info_list is not None:
            user_name = user_info_list[0]['user_name']
        else:
            return HttpResponseRedirect("/")


===================================Rest of Code==========================

Everything works fine if I use an IP address (127.0.0.1:8000). (Browsers are the latest versions of Chrome and Firefox.)

But when I use a subdomain (sub.domain.com), some things are really strange.

In Chrome, request.session['user_info_list'] stored the data successfully (I checked it in the database), and then it jumps to the index view, where user_info_list = request.session.get('user_info_list') cannot get the data, and then goes back to the login_user view, but user_info_list = request.session.get('user_info_list') in this view can get the data. Then it jumps to the index view again and request.session['user_info_list'] gets the data.

In Firefox, the difference is that user_info_list = request.session.get('user_info_list') cannot get the data in the login_user view.

It allows any URL.

ALLOWED_HOSTS = ['*']

The URL is jumping from sub.domain.com.au to sub.domain.com.au/index.

I also tried SESSION_COOKIE_DOMAIN = '.domain.com.au' or SESSION_COOKIE_DOMAIN = 'sub.domain.com.au' or SESSION_COOKIE_DOMAIN = 'domain.com.au'. None of them works.

I searched similar questions like "Django authentication works on Chrome, but not on Firefox" or "Django session doesn't work in Firefox", but they do not work.

I am not quite sure whether it is a code issue or an internet issue, because everything works fine if I use the IP address. Any ideas?

Thanks

Muke

2 Answers

1

You should add this line to your settings.py

SESSION_COOKIE_DOMAIN = ".yourdomain.com"

The domain to use for session cookies. Set this to a string such as ".example.com" (note the leading dot!) for cross-domain cookies, or use None for a standard domain cookie.

Django docs

Adem Öztaş
  • Thanks for the reply. I tried it; it won't even work under the IP address if I add it. – Muke May 27 '15 at 09:44
  • It is like from sub.domain.com to sub.domain.com/index/. Is it a standard domain cookie or a cross-domain cookie? Because users are only in sub.domain.com. Thanks – Muke May 27 '15 at 10:09
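
The cookie scoping behind SESSION_COOKIE_DOMAIN, as an added example that is not part of the original answer or of Django: a simplified Python 3 model of RFC 6265 domain matching, using only the standard library. The host other.domain.com.au is a constructed sibling subdomain, and the public-suffix check that real browsers also apply is left out.

```python
import ipaddress

# Constructed hosts: the page's subdomain, a hypothetical sibling, and the dev IP.
HOSTS = ["sub.domain.com.au", "other.domain.com.au", "127.0.0.1"]


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, domain):
    """RFC 6265 section 5.1.3: exact match, or a dot-bounded suffix of a host name."""
    if host == domain:
        return True
    # Suffix matching never applies to IP addresses.
    return not is_ip(host) and host.endswith("." + domain)


def browser_sends_cookie(request_host, origin_host, cookie_domain):
    """Would a cookie set by origin_host be sent back to request_host?

    cookie_domain plays the role of SESSION_COOKIE_DOMAIN: None produces a
    host-only cookie, a string becomes the Domain attribute.
    """
    request_host, origin_host = request_host.lower(), origin_host.lower()
    if cookie_domain is None:
        return request_host == origin_host  # host-only: exact host, nothing else
    # A leading dot is ignored, so ".domain.com.au" == "domain.com.au".
    domain = cookie_domain.lower().lstrip(".")
    # The browser drops a cookie whose Domain does not cover the host that set it.
    if not domain_match(origin_host, domain):
        return False
    return domain_match(request_host, domain)


def audit(cookie_domain, origin_host, hosts=HOSTS):
    return {h: browser_sends_cookie(h, origin_host, cookie_domain) for h in hosts}


if __name__ == "__main__":
    for setting in (None, ".domain.com.au", "domain.com.au", "sub.domain.com.au"):
        for origin in ("sub.domain.com.au", "127.0.0.1"):
            print(repr(setting), "set by", origin, "->", audit(setting, origin))
```

With the parent domain set, the session cookie is also sent to every sibling subdomain, and it is never stored when the site is reached through 127.0.0.1.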
0

The problem is a network issue: we are using Sophos, and after they changed the URL to https, everything works fine.

Muke