Set cookie for parent domain #237

Open
osteele opened this issue May 7, 2018 · 0 comments
Labels
auth Authorization and authentication

osteele commented May 7, 2018

@jwb and @osteele discussed using the cookie-based authentication documented here for single-sign-on across olin.build subdomains.

For this to work, something like this would be necessary:

In `abe/auth/__init__.py`, modify:

```python
response.set_cookie('app_secret', shared_secret)
```

to:

```python
response.set_cookie('name', 'value', domain=os.environ.get('AUTH_COOKIE_DOMAIN', None))
```

Document AUTH_COOKIE_DOMAIN as appropriate.

Set AUTH_COOKIE_DOMAIN to olin.build in production (but probably not in dev).

Questions:

Does response.set_cookie accept domain=None, or does it need a different value in order to suppress the domain?

Will this break clients that aren't served from a *.olin.build domain? Maybe the domain should only be set if the referrer is a subdomain.

@osteele osteele added the auth Authorization and authentication label May 7, 2018
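
An added sketch of the change proposed in this issue, not code from the ABE repository. In Flask/Werkzeug, `set_cookie` defaults to `domain=None`, which produces a host-only cookie. Assumptions: the helper names are hypothetical, the check uses the request host rather than the referrer (browsers reject a `Domain` attribute that does not cover the responding host), and the `secure`/`httponly` flags are hardening choices the issue does not mention.

```python
import os


def cookie_domain_for(request_host, configured_domain):
    """Return the Domain attribute to send, or None for a host-only cookie."""
    if not configured_domain:
        return None  # AUTH_COOKIE_DOMAIN unset (e.g. dev): keep the cookie host-only
    host = request_host.split(':', 1)[0].lower().rstrip('.')  # drop port, normalise
    parent = configured_domain.lower().lstrip('.')
    # Accept the parent itself or a true subdomain. The leading dot in the
    # suffix test stops look-alikes such as "evilolin.build" from matching.
    if host == parent or host.endswith('.' + parent):
        return parent
    return None  # server is not under the parent domain: fall back to host-only


def set_auth_cookie(response, request_host, shared_secret, configured_domain=None):
    """Set app_secret on a Flask/Werkzeug-style response; return the domain used."""
    if configured_domain is None:
        configured_domain = os.environ.get('AUTH_COOKIE_DOMAIN')
    domain = cookie_domain_for(request_host, configured_domain)
    response.set_cookie(
        'app_secret', shared_secret,
        domain=domain,               # None means no Domain attribute is emitted
        secure=domain is not None,   # assumption: the parent-domain deployment is HTTPS
        httponly=True,               # assumption: no client script reads this cookie
    )
    return domain


class RecordingResponse:
    """Constructed stand-in for flask.Response that records set_cookie calls."""

    def __init__(self):
        self.calls = []

    def set_cookie(self, key, value='', **kwargs):
        self.calls.append((key, value, kwargs))


if __name__ == '__main__':
    # Constructed sample hosts: a production subdomain, dev, and a look-alike.
    for host in ('abe.olin.build', 'localhost:3000', 'evilolin.build'):
        resp = RecordingResponse()
        set_auth_cookie(resp, host, 'constructed-secret', 'olin.build')
        print(host, '->', resp.calls[0][2])
```

In a Flask view the call would be `set_auth_cookie(response, request.host, shared_secret)`, with `AUTH_COOKIE_DOMAIN` read from the environment.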