posted on June 18th, 2009 by Greg Allard in Greg's Posts on Code Spatter
I’ve been working on a project for a while and it has recently started to expand to an additional domain name. The domains will be using the same user base and I want to make it simple for users to be logged in at both applications. With a little research I dug up a few options I could go with. There is a redirect option, a javascript option, or a single sign on option.
With the redirect option I could redirect users to the main domain, check for cookies, and redirect them back so that they could get new cookies for the additional domain. The downside to this method is it will increase traffic for every pageload from a new visitor even if they will never need to log in. And since the sites this was for will have pages being viewed many more times than there will be logged in users, it wasn’t worth all of the extra traffic. It might be possible to minimize this traffic by only redirecting on login pages, but if the login form is at the top of all pages then it doesn’t help much.
Facebook uses a javascript method on all of the sites where you see facebook connect so you can use your facebook credentials to comment on blogs and other things. This method may be fine for their case, but again it will cause the extra traffic since the javascript is still connecting to the main server to get cookie info. I also don’t want to rely on javascript for my sessions.
I wanted a solution where it would only keep users logged in when they needed to be kept logged in. One way of knowing if they need to be kept logged in is: they are on one domain and click a link to go over to the other domain. Using a single-sign-on link to the other domain, the user would stay logged in at the new domain. The only use case that this doesn’t account for is someone is logged in at one domain and then types the other domain into the address bar. However that is a minimal case and I think the sso link will be the best way to keep users logged in most of the time and keep the overhead down.
I plan on open sourcing the django sso code so that other people can use it in their projects. It will allow a django site to accept single sign on requests and it will also help to create single sign on links to other sites. Both ends of the process don’t need to be a django site since it should work with other applications that use this type of process to authenticate users.
I’ll write a post on here about how to use the code once I get it set up at google code so if you are interested in that, you should probably
subscribe to the rss so you don’t miss it.
Related posts:
-
Django Settings Site Domain example.com It took me a while to figure out how to…
-
OpenID Enabled If you haven’t stumbled upon any sites that use OpenID…
-
Python Projects in Users’ Home Directories with wsgi Letting users put static files and php files in a…
posted on May 1st, 2009 by Greg Allard in Greg's Comments on the Internet
This is useful. I just tried it with this
test = " go to http://ole-laursen.blogspot.com/2009/05/safe-truncation-of-html.html "
{{test|urlize|truncatehtml:25}}
And it worked how expected.
Read more comments by Greg Allard
posted on May 1st, 2009 by Greg Allard in Greg's Comments on the Internet
I updated this post. I was thinking the uploaded file was deleted after using it, but I just needed to reset the file. Django’s InMemoryUploadedFile uses StringIO. Doing file.seek(0)
will reset the StringIO file to be ready to create another thumbnail.
Read more comments by Greg Allard
posted on April 29th, 2009 by Greg Allard in Greg's Comments on the Internet
I just installed django-memcache-status to see the usage of memcache in the django admin interface. It looks pretty good and it’s easy to install. Just download it and add it to installed apps.
http://github.com/bartTC/django-memcache-status/
Read more comments by Greg Allard
posted on April 29th, 2009 by Greg Allard in Greg's Comments on the Internet
Yeah amazon’s content distribution network is awesome and not a bad price. I’d like to hook that up sometime soon. I didn’t know that subdomains would help with the browser limit. That’s a good idea.
Read more comments by Greg Allard
posted on April 27th, 2009 by Greg Allard in Greg's Comments on the Internet
I gave it another shot and it still wasn’t working. I sent a message to the google group and got a response from someone at google. It is a feature that needs to be implemented and it sounds like they will prioritize it since a few people were requesting it.
http://groups.google.com/group/google-analytics…
Read more comments by Greg Allard
posted on April 25th, 2009 by Greg Allard in Greg's Comments on the Internet
This is awesome. It was pretty easy to get going. It seems like google analytics is unable to produce one type of result that I want though. For a single page on my site I want to know the keywords that got people there or the referrers. I can browse to it on the web interface, but I keep getting bad request errors when I try a way to get that info from them.
I’ve tried adding pagePath and keyword as dimensions and I’ve tried using a filter on pagePath while only having keyword as a dimension. Neither of those would work. Do you have any other ideas I could try?
Read more comments by Greg Allard
posted on April 25th, 2009 by Greg Allard in Greg's Comments on the Internet
Thanks. I’ve never been to tutlist before. Sounds like a good idea.
Read more comments by Greg Allard
posted on April 24th, 2009 by Greg Allard in Greg's Comments on the Internet
Ah good question. I left that in from some old code I guess. It was probably from before I made the model work by being applied to any other object. I removed it from the code. Thanks.
Read more comments by Greg Allard
posted on April 24th, 2009 by Greg Allard in Greg's Comments on the Internet
I haven’t gotten into caching and increasing performance of my application code itself; I was starting with the server. Thanks for the suggestion. When I do get around to speeding up slow parts of my code, I’ll keep Beaker in mind.
Read more comments by Greg Allard