0

I'm trying to implement a multi-tenancy architecture with Django and django-tenant-schemas.

I'm successfully accessing the baseapp from http://app.mysite.com:8000/ and setting a cookie sessionId (which is http-only) when I log into the application. (Port 8000 is only for development)

I'm now trying to make a request to http://tenant1.mysite.com:8000/accounting/. When I inspect the request headers, however, I see that the cookies have not been set even though in my settings file I have:

SESSION_COOKIE_DOMAIN = ".mysite.com"
CSRF_COOKIE_DOMAIN = ".mysite.com"

I was under the impression that setting my cookie domain to .mysite.com would allow access to subdomains. What am I missing here?

wheresmycookie

1 Answer

0

I know this is a bit old, but just in case someone lands here wondering about a similar issue: it is possible that the cookie is set but the SessionMiddleware does not find a valid session for the session id received. This could happen, for example, if you are using the database session backend and you happen to have put django.contrib.sessions in your TENANT_APPS list. In this case Django won't find any session, because when you logged in at app.mysite.com the session was stored in the database schema corresponding to the app tenant, and when you tried to access tenant1.mysite.com the SessionMiddleware looked for a session stored in the tenant1 schema.

So the conclusion to this is: if you are using the database backend for storing sessions, then you should put django.contrib.sessions into your SHARED_APPS list and not into the TENANT_APPS list.

Hope this helps.

ivissani
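
The failure mode described in the answer above, modelled in plain Python as an added example (not code from either poster or from django-tenant-schemas). It shows the same session cookie resolving to no user when the session table is per-tenant, and to the logged-in user when it is shared. The schema names, the user name and the `ToySessionBackend` class are assumptions made for illustration.

```python
import secrets

SESSIONS_APP = "django.contrib.sessions"
# Constructed mapping of the question's hosts to schemas (schema names are assumed).
HOST_SCHEMA = {"app.mysite.com": "app", "tenant1.mysite.com": "tenant1"}


def session_table_schema(settings, host):
    """Schema whose session table serves a request to `host` (simplified model)."""
    if SESSIONS_APP in settings["TENANT_APPS"]:
        return HOST_SCHEMA[host]  # every tenant schema has its own session table
    if SESSIONS_APP in settings["SHARED_APPS"]:
        return "public"  # one session table in the shared schema
    raise LookupError(f"{SESSIONS_APP} is in neither SHARED_APPS nor TENANT_APPS")


class ToySessionBackend:
    """Stand-in for the database session backend: one dict per schema."""

    def __init__(self, settings):
        self.settings = settings
        self.tables = {}  # schema name -> {session key: session data}

    def login(self, host, user):
        key = secrets.token_urlsafe(24)
        schema = session_table_schema(self.settings, host)
        self.tables.setdefault(schema, {})[key] = {"user": user}
        return key  # cookie value; the browser sends it to every *.mysite.com host

    def user_for(self, host, cookie_value):
        """User the session lookup resolves for this host, or None (anonymous)."""
        schema = session_table_schema(self.settings, host)
        row = self.tables.get(schema, {}).get(cookie_value)
        return row["user"] if row else None


def cross_subdomain_login(settings):
    """Log in on app.mysite.com, then present the same cookie to tenant1."""
    backend = ToySessionBackend(settings)
    cookie = backend.login("app.mysite.com", "alice")  # constructed user name
    return backend.user_for("tenant1.mysite.com", cookie)


# Constructed settings fragments: the layout the answer warns about, then its fix.
TENANT_LOCAL = {"SHARED_APPS": ["tenant_schemas"], "TENANT_APPS": [SESSIONS_APP]}
SHARED = {"SHARED_APPS": ["tenant_schemas", SESSIONS_APP], "TENANT_APPS": []}

if __name__ == "__main__":
    print("sessions in TENANT_APPS:", cross_subdomain_login(TENANT_LOCAL))
    print("sessions in SHARED_APPS:", cross_subdomain_login(SHARED))
```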