Django + redis session sharing accross multiple hosts

Question

There are 2 django (same version, same sessions middleware) apps hosted on different hosts within the same domain which share a redis sessions-store.

But then when we try login on one app, the second one never gets the session data. When the 2 django apps are hosted on the same host everything works fine. We tried to set SESSION_COOKIE_DOMAIN on both apps in settings.py but without any success so far. Does anybody have a clue about what could be wrong or give me some leads about how to succesfully share sessions data beween my 2 apps ?

Below is small scheme of what we want to achieve:

|------------------------|
| site1.domain.tld
|------------------------|
      |
      |
|----------------------------|
| Redis session store
|----------------------------|
      |
      |
|------------------------|
| site2.domain.tld
|------------------------|

Note: SESSION_COOKIE_DOMAIN is set to ".domain.tld" for both apps, and SECRET_KEY is also the same.

Regards,

Clément.

Answer 1

Quite a long shot, as I'm not entirely sure about the inner workings of the redis session backend, but looking at the cache_key method of the default SessionStore and the _get_new_session_key method it calls, one could hypothesise that a unique cache key is being computed for each server.

The django documentation explicitly states that by:

[…] sharing a cache instance between servers, or between your production and development environments, it’s possible for data cached by one server to be used by another server.

I would suggest you have a look at the KEY_PREFIX and KEY_FUNCTION settings, perhaps explicitly setting values in both server configs will yield the desired effects. Also, by looking into the source code for the redis session store might give you valuable insight into if and how it handles the key prefix.