Salavat Sharapov, 2017-03-09 12:10:31
Django

Why is the session reset? Or is that how it should be?

Good afternoon!
I am making a single registration and authorization center SSO on the CAS 3.0 protocol.
For this I use:
django-cas-server
django-registration
For example, there are three services:
1) service1.com
2) service2.com
3) service3.com
The CAS server itself:
cas.service.com
CAS server, entry points:
1) /before-login/ - email request - user search - if found - send to /login/
2) /login/ - if the user is authorized on CAS and there are parameters from which service he came from, auto-redirect him to the service.
The logic is this:
1) An unregistered user enters any of these services, clicks on "Login or Register" and is redirected by GET to the CAS server (/before-login/ ).
2) Gets to the CAS server (together with the request, the data comes: from which service, from which page)
3) The CAS server asks for an e-mail, the user enters, clicks Submit.
4) The CAS server searches for a user by e-mail, if it finds it, it asks for a password, and if it doesn't find it, then for registration.
5) The user enters registration data and clicks Submit; an email with an activation link is sent (we embed the code in this link, along with parameters saying which service and which page the user came from).
6) The user follows this link and his account is activated. After that, we authorize him manually (we want a minimum of actions from the user) and write the authenticated parameter to the session:
self.request.session["authenticated"] = True
and then send him to the login URL of the service he came from (to get the correct ticket from the service to the CAS server). From this URL he is naturally redirected to CAS (/login/), also with parameters saying which page and which service he came from. And here the magic should happen: since we authorized the user manually before, the user must automatically return to the service authorized. But the authorization is reset, or rather the session.
But if you do not insert self.request.session["authenticated"] = True, then CAS stops at /login/, shows that the user is authorized, but the redirect does not occur, because the session does not have authenticated = True.
self.request.session["authenticated"] is checked by django-cas-server.
Sorry for the many letters and messy presentation.
What I tried: I've been updating the session hash after I put authenticated in it.
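
Step 5 of the flow above carries the activation code, the originating service and the page through an emailed link. The following is an added example, not part of the original post and not code from django-cas-server or django-registration, showing one way to sign those parameters and check them against the three services before any redirect. The function names, `SECRET`, `MAX_AGE` and the `/login` path are assumptions, and it uses the standard library's HMAC rather than any Django helper.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlsplit

# Constructed values for illustration; the hosts are the ones named in the post.
SECRET = b"constructed-demo-key"   # assumption: a secret known only to the CAS server
ALLOWED_SERVICES = {"service1.com", "service2.com", "service3.com"}
MAX_AGE = 24 * 3600                # assumption: activation link valid for one day


def _sign(payload: bytes) -> bytes:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest().encode()


def make_activation_token(code, service, next_page, now=None):
    """Pack activation code, originating service URL and page into a signed token."""
    data = {"code": code, "service": service, "next": next_page,
            "ts": int(time.time() if now is None else now)}
    payload = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode())
    return (payload + b"." + _sign(payload)).decode()


def read_activation_token(token, now=None):
    """Return the payload dict, or None if the token is forged, stale or off-list."""
    payload, sep, sig = token.rpartition(".")
    # Constant-time comparison; nothing is decoded until the signature matches.
    if not sep or not hmac.compare_digest(_sign(payload.encode()), sig.encode()):
        return None
    data = json.loads(base64.urlsafe_b64decode(payload))
    age = int(time.time() if now is None else now) - data["ts"]
    if age < 0 or age > MAX_AGE:
        return None
    # Only redirect back to one of the registered services, over HTTPS.
    parts = urlsplit(data["service"])
    if parts.scheme != "https" or parts.hostname not in ALLOWED_SERVICES:
        return None
    # The return page must be a local path, not "//host" or an absolute URL.
    if not data["next"].startswith("/") or data["next"].startswith("//"):
        return None
    return data
```
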
