I marked this thread as "no action needed", because I opened another thread where I reproduce the problem from scratch, using a fresh new web2py install and a couple of example apps: https://groups.google.com/forum/#!topic/web2py/ZfmJnyNvmio
Notice the issue could be related to this: https://groups.google.com/forum/#!msg/web2py/SuOW_6bDOfA/hnmWRvsKFQAJ

On Wednesday, February 7, 2018, 21:11:07 (UTC-3), Lisandro wrote:
>
> Hi there! I'm having this issue I would like to share with you, I hope to
> find a solution.
>
> *This is the scenario*:
>
>    - Two different apps, let's call them *development* and *development_panel*
>    - Both apps use the *same model* (shared through symlinks)
>    - *development* app is served at *development.com* <http://development.com>
>    - *development_panel* app is served at *panel.development.com*
>    - Login is done in *development_panel* app and cookie is shared for
>    *development* app (so, the visitor logs in at *panel.development.com* and
>    that cookie is shared also with *development.com*)
>
>
> *How does it work?*
>
> First, I have the domains mapped to apps within my routes.py
>
> routers = dict(
>     BASE=dict(
>         default_controller='default',
>         default_function='index',
>         domains={
>             'development.com': 'development',
>             'panel.development.com': 'development_panel',
>         },
>         map_static=True,
>         exclusive_domain=True,
>     )
> )
>
> Notice exclusive_domain=True, meaning that each app can be accessed only
> through the specified domain, and not from another one. This works like a
> charm.
>
>
> Second, the db.py file is defined in one app, and symlinked from the other
> one. The "databases" folder was moved out from inside the app folder, so it
> is specified when instantiating DAL:
>
> db = DAL(
>     'postgres://%s:%s@%s/%s' % (CONFIG.db_user, CONFIG.db_user_password,
>                                 CONFIG.db_host, CONFIG.db_name),
>     migrate=False,
>     lazy_tables=True,
>     folder=CONFIG.databases_folder)
>
>
> Third, both apps connect to the session specifying *development* as the
> *masterapp*:
>
> session.connect(request, response, db=db, masterapp='development')
>
>
> Fourth and last, this code is right after session.connect, and it's the
> one that makes the magic.
> These two lines of code are the ones needed in order to share the login
> session between the two apps:
>
> if response.session_id_name in response.cookies:
>     response.cookies[response.session_id_name]['domain'] = 'development.com'
>
>
> Now, remember the login is done in *development_panel* and *development* is
> defined as the masterapp. Well, all this is working ok, I have several
> websites running this way (every website has its own domain and its
> couple of apps installed, served the same way as the example I exposed).
> However, *very few customers are reporting they can't log in*. Actually,
> they log in successfully to the panel, but then they go to the main domain
> and they aren't logged in anymore. That is, the cookie is being written but
> not read (not shared across domains). This happens only on a specific
> subset of devices and browsers (so far, it's been reported to happen a lot
> in Safari for iPhone).
>
> As I said, the current approach is working for the vast majority of
> customers. However, as some of them reported the problem, I wanted to check
> the cookies. And that's when I saw all this mess, or at least I think it's
> a mess.
> Having erased all cookies from the browser, without being logged in, I go
> to the login page at *panel.development.com* <http://panel.development.com>
> and this is what I see in the cookies:
>
> <https://lh3.googleusercontent.com/-K5eNM35F4yQ/Wnt84F-_qqI/AAAAAAAAHww/kgSCxcVXVGsjsnORuE0iMBs6GmZOsbGUACLcBGAs/s1600/capture1.png>
>
> I can already see a strange cookie "*session_id_development_panel*" that
> I don't know where it comes from.
>
> I checked the gluon/globals.py code to see where that name is generated:
>
> https://github.com/web2py/web2py/blob/master/gluon/globals.py#L846
>
>
> Notice it uses the *masterapp* to generate that name, and if you check my
> previous code, you will see that I connect to the session using
> masterapp='development'.
>
> So where does *session_id_development_panel* come from?
>
>
> What is more weird is this: after a successful login, the app takes me to
> the main domain, and there I see these cookies:
>
> <https://lh3.googleusercontent.com/-hsduZYg_Q0E/Wnt9-L0R5FI/AAAAAAAAHw4/JM1ctM_cpkM8ZPScC-ej-4gdL_KisBaRgCLcBGAs/s1600/capture2.png>
>
> *Notice the duplicated cookie name with different values*. Where does it
> come from?
>
>
> Now that I see all this, I'm starting to think that the problem reported
> by some customers is produced by this cookie mess.
>
> Somehow Chrome, Firefox and Edge don't complain about this and it works
> ok. However some browsers don't like this, and refuse to share the cookie.
>
>
> Any thoughts? Anything I should check or modify?
>
>
> I've read documentation about cookies:
>
> http://web2py.com/books/default/chapter/29/4#Cookies
>
>
> There, you can see what is needed in order to share the cookie across
> multiple domains, but the documentation mentions a single app.
>
> What about my case? I know there is something that I have to change, but I
> can't figure out what.
>
>
> Any help will be appreciated.
>
> Thanks in advance!
>
>
> Regards,
>
> Lisandro.
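
How two cookies with the same name can coexist in one browser, as an added example that is not part of the original post or of web2py: under RFC 6265 a cookie is stored by (name, domain, path), so a host-only cookie and a `Domain=development.com` cookie are separate entries. The `Jar` class, the cookie values and the sequence of responses are constructed for illustration and are not a diagnosis of the setup described above.

```python
# Added example (not web2py code): minimal RFC 6265-style cookie store.
from http.cookies import SimpleCookie

def domain_match(host, domain):
    """RFC 6265 5.1.3: host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)

class Jar:
    def __init__(self):
        # Cookies are keyed by (name, domain, path), not by name alone.
        self.store = {}

    def receive(self, request_host, set_cookie_value):
        parsed = SimpleCookie()
        parsed.load(set_cookie_value)
        for name, morsel in parsed.items():
            domain = morsel["domain"].lstrip(".").lower()
            host_only = not domain          # no Domain attribute was given
            if host_only:
                domain = request_host
            elif not domain_match(request_host, domain):
                continue                    # a host cannot set cookies for an unrelated domain
            self.store[(name, domain, morsel["path"] or "/")] = (morsel.value, host_only)

    def cookie_header(self, request_host):
        pairs = []
        for (name, domain, _path), (value, host_only) in self.store.items():
            if request_host == domain or (not host_only and domain_match(request_host, domain)):
                pairs.append("%s=%s" % (name, value))
        return "; ".join(pairs)

def demo():
    jar = Jar()
    name = "session_id_development"   # cookie name derived from masterapp='development'
    # Constructed responses from panel.development.com: the first carries no
    # Domain attribute (host-only), the second is scoped to development.com.
    jar.receive("panel.development.com", name + "=HOSTONLY; Path=/")
    jar.receive("panel.development.com", name + "=SHARED; Domain=development.com; Path=/")
    to_panel = jar.cookie_header("panel.development.com")
    to_main = jar.cookie_header("development.com")
    # Server side: SimpleCookie keeps only the last value for a repeated name.
    seen_by_panel = SimpleCookie(to_panel)[name].value
    return to_panel, to_main, seen_by_panel

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The panel host receives both values under one name, while the main domain receives only the domain-scoped one; which value a server-side parser keeps depends on the order in which the browser sends the pair.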