Problem with authentication from different domains using Django sessions

Developer https://www.devze.com 2022-12-23 10:24 Source: Internet

I am developing a bookmarklet which essentially adds a toolbar to the web page the user is currently looking at. To use it, the user needs to be logged in.

To log in, the user clicks on 'Signin', which displays a standard form containing Username, Password, etc. fields. When the user successfully logs in, they may choose to navigate to a different website. When on another page, they (a) re-load the bookmarklet, (b) their session is retrieved from the server, (c) the user doesn't need to log in again. Pretty standard, I would have thought.

Using Django sessions and JQuery.

I'm having trouble implementing the above use case. Here are some problems I've encountered:

  1. Cross-domain POST AJAX requests are disallowed. That was solved with JSONP. I doubt it is a very secure approach, but for now it works.
  2. My server returns the session id in a cookie, however when the user navigates to a different page I don't really know how to retrieve that session id to send back to my server. Can I even read third party cookies from my JavaScript?

I'm looking for some guidelines on implementing the above use case. Ideally I don't want to redirect the user to another page for them to sign in. Any suggestions would be greatly appreciated.

Thanks.


There's not really a great way to handle this. Your best bet might be to make a Chrome extension (or Firefox add-on) to achieve similar functionality -- these extensions are able to bypass the browser's security restrictions and grant you access to all of a web page's information.

Sorry for the bad news :(
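
The second problem in the question, as an added example that is not part of the original post or answer: a simplified model of when script on the host page can read the server's session cookie, and when the browser attaches that cookie to the bookmarklet's JSONP request. The host names, the cookie attributes and the `siteOf` shortcut are assumptions made for illustration.

```javascript
// Added example: a simplified model of browser cookie rules, not real browser code.
// Constructed sample: session cookie set by a hypothetical toolbar server.
const sessionCookie = {
  name: 'sessionid', domain: 'toolbar.example',
  sameSite: 'Lax', secure: true, httpOnly: true,
};

// Assumption: "site" = last two host labels. Browsers use the Public Suffix List.
const siteOf = (host) => host.split('.').slice(-2).join('.');
const domainMatches = (host, cookieDomain) =>
  host === cookieDomain || host.endsWith('.' + cookieDomain);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Can script running in a page on pageHost read the cookie via document.cookie?
// Bookmarklet code runs in the host page, so pageHost is the site being visited.
function readableFromPage(cookie, pageHost) {
  return domainMatches(pageHost, cookie.domain) && !cookie.httpOnly;
}

// Does the browser attach the cookie to a request?
// req = { url, pageHost, method, topLevelNavigation }
function cookieAttached(cookie, req) {
  const url = new URL(req.url);
  if (!domainMatches(url.hostname, cookie.domain)) return false;
  if (cookie.secure && url.protocol !== 'https:') return false;
  const crossSite = siteOf(url.hostname) !== siteOf(req.pageHost);
  if (!crossSite) return true;
  switch ((cookie.sameSite || 'Lax').toLowerCase()) { // unset is treated as Lax
    case 'none': return cookie.secure === true;       // None is only valid with Secure
    case 'lax': return req.topLevelNavigation && SAFE_METHODS.has(req.method);
    default: return false;                            // Strict: same-site only
  }
}

// The bookmarklet's JSONP call: a <script> tag injected into a third-party page.
const jsonpRequest = {
  url: 'https://toolbar.example/api/toolbar?callback=cb',
  pageHost: 'news.example', method: 'GET', topLevelNavigation: false,
};

function demo() {
  const open = { ...sessionCookie, sameSite: 'None' };
  return {
    readableByBookmarklet: readableFromPage(sessionCookie, 'news.example'),
    sentWithLax: cookieAttached(sessionCookie, jsonpRequest),
    sentWithNoneSecure: cookieAttached(open, jsonpRequest),
  };
}
console.log(demo());
```

A cookie that is attached to cross-site requests is attached for every site's pages, not only the bookmarklet's, so a JSONP endpoint that relies on it should not return per-user data.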
