Answer the question
In order to leave comments, you need to log in
Why is the session reset? Or is that how it should be?
Good afternoon!
I am making a single registration and authorization center SSO on the CAS 3.0 protocol.
For this I use:
django-cas-server
django-registration
For example,
there are three services:
1) service1.com
2) service2.com
3) service3.com
The CAS server itself:
cas.service.com
CAS server, entry points:
1) /before-login/ - email request - user search - if found - send to /login/
2) /login/ - if the user is authorized on CAS and there are parameters from which service he came from, auto-redirect him to the service.
The logic is this:
1) An unregistered user enters any of these services, clicks on "Login or Register" and is redirected by GET to the CAS server (/before-login/ ).
2) Gets to the CAS server (together with the request, the data comes: from which service, from which page)
3) The CAS server asks for an e-mail, the user enters, clicks Submit.
4) The CAS server searches for a user by e-mail, if it finds it, it asks for a password, and if it doesn't find it, then for registration.
5) The user enters registration data, clicks Submit, a letter with an activation link leaves (we sew the code into this link and in the form of parameters, which service and from which page the user came from)
6) The user follows this link - his account is activated. After that, we authorize it manually (we want a minimum of actions from the user) and write the authenticated parameter to the session:
and then send it to the login URL of the service from which it came (To get the correct ticket from the service to the CAS server ), from this URL it naturally redirects it to CAS (/login/) also with parameters, from which page it came and from which service.
And here the magic should happen:
Since we authorized the user manually before, the user must automatically return to the service authorized. But the authorization is reset, or rather the session.self.request.session["authenticated"] = True
But if you do not insert self.request.session["authenticated"] = True, then CAS stops at /login/, shows that the user is authorized, but the redirect does not occur, because the session does not have authenticated = True.
self.request.session["authenticated"] it is checked by django-cas-server
Sorry for the many letters and messy presentation.
What I tried: I've
been updating the session hash after I put authenticated in it.
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question