django www vs non-www issue with middleware authentication

I have been having inconsistent behavior with my Django app.

If I log in with no www, and then prepend www, it's not authenticated, and all the combinations thereof. (www.mydomain.com and mydomain.com act like different sites in terms of auth)

If the authentication code is important, I wrote a middleware based on the tutorial here: http://onecreativeblog.com/post/59051248/django-login-required-middleware

So far I have fixed the issue by forcing the appending of www, using PREPEND_WWW = True, but I would still like to understand the issue ;)

Does anyone have an idea of what may be going on? Thanks in advance!

What Zaha Zorg said: Cookies from Django won't work for both a prepended www and non-www domain by default.

However, the deeper issue here is that you're allowing both www and non-www domains of your site to serve identical content. Besides the obvious SEO consequences of having traffic split between the two, you run into issues like these. The proper way to handle this is to redirect all traffic from one to the other (whichever you prefer). The PREPEND_WWW setting you found works perfectly for this. For the opposite (forcing all traffic to non-www), it's recommended to just do a rewrite at the server configuration level, such as Apache or Nginx.

You need to look at https://docs.djangoproject.com/en/dev/ref/settings/?from=olddocs#session-cookie-domain

SESSION_COOKIE_DOMAIN
Default: None

The domain to use for session cookies. Set this to a string such as ".lawrence.com" for cross-domain cookies, or use None for a standard domain cookie. See the How to use sessions.

Could it be that cookies depend on the hostname of the server? This could explain why both domain names are considered different.
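
Added example (not part of the original thread and not Django's own code): a minimal model of the RFC 6265 rules a browser applies to the session cookie. It shows why the default SESSION_COOKIE_DOMAIN = None gives a host-only cookie that www and non-www do not share, and that ".mydomain.com" shares the session with every subdomain. The helper names are hypothetical, and the IP-address and public-suffix checks of a real browser are left out.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class StoredCookie:
    domain: str       # host or domain the browser filed the cookie under
    host_only: bool   # True when the Set-Cookie header had no Domain attribute


def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3: identical, or host is a subdomain of domain."""
    return host == domain or host.endswith("." + domain)


def store(set_by_host: str, domain_attr: Optional[str]) -> Optional[StoredCookie]:
    """RFC 6265 section 5.3: how a browser files a cookie received from set_by_host."""
    host = set_by_host.lower()
    if not domain_attr:                       # SESSION_COOKIE_DOMAIN = None
        return StoredCookie(host, host_only=True)
    domain = domain_attr.lower().lstrip(".")  # a leading dot is ignored
    if not domain_match(host, domain):
        return None                           # rejected: host is outside that domain
    return StoredCookie(domain, host_only=False)


def sent_to(cookie: StoredCookie, request_host: str) -> bool:
    """Would the browser attach the stored cookie to a request for request_host?"""
    host = request_host.lower()
    if cookie.host_only:
        return host == cookie.domain          # exact host only, no subdomains
    return domain_match(host, cookie.domain)


def login_survives(session_cookie_domain: Optional[str],
                   login_host: str, next_host: str) -> bool:
    """True if a session started on login_host is still presented on next_host."""
    cookie = store(login_host, session_cookie_domain)
    return cookie is not None and sent_to(cookie, next_host)


if __name__ == "__main__":
    # Constructed hosts, using the placeholder domain from the question.
    for setting in (None, ".mydomain.com"):
        for login, nxt in (("mydomain.com", "www.mydomain.com"),
                           ("www.mydomain.com", "mydomain.com"),
                           ("www.mydomain.com", "other.mydomain.com")):
            ok = login_survives(setting, login, nxt)
            print(f"SESSION_COOKIE_DOMAIN={setting!r}: {login} -> {nxt}: {ok}")
```

Redirecting everything to one canonical host, as the first answer recommends, keeps the session cookie host-only; setting the parent domain instead makes the session cookie available to any application served from any subdomain.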
