Return request context after requests.post
I have a Server A that makes a POST request to Server B using python's request module (r = request.post(url=url)). Server B modifies the request and returns a response with a redirect to a url. I can access the redirected url by doing a redirect(r.url) on Server A but I need to pass the modified request context along with it. Is this possible?
Scenario:
Server A is running on python Flask.
r = requests.post(url='https://serverb.com/validateToken', data='token':'abc')
redirect(r.url)
Server B is running on python Django.
def validateToken(request):
# On successful validation
request.session[key] = mapped_token_to_user_id
redirect('/successfulToken') # On server B
When accessing /successfulToken, Server B checks to see if session exists on request object but because of the redirects, the request is naked.
python flask python-requests
edited Nov 12 '18 at 22:04
Martijn Pieters♦
719k14025092319
asked Nov 12 '18 at 21:45
crossfuse999crossfuse999
508
add a comment |
I have a Server A that makes a POST request to Server B using python's request module (r = request.post(url=url)). Server B modifies the request and returns a response with a redirect to a url. I can access the redirected url by doing a redirect(r.url) on Server A but I need to pass the modified request context along with it. Is this possible?
Scenario:
Server A is running on python Flask.
r = requests.post(url='https://serverb.com/validateToken', data='token':'abc')
redirect(r.url)
Server B is running on python Django.
def validateToken(request):
# On successful validation
request.session[key] = mapped_token_to_user_id
redirect('/successfulToken') # On server B
When accessing /successfulToken, Server B checks to see if session exists on request object but because of the redirects, the request is naked.
python flask python-requests
edited Nov 12 '18 at 22:04
Martijn Pieters♦
719k14025092319
asked Nov 12 '18 at 21:45
crossfuse999crossfuse999
508
What is the 'request context' here? Are you using Django or Flask or another web server framework here?
– Martijn Pieters♦
Nov 12 '18 at 21:48
I edited the question to the scenario I'm facing... I hope this clarifies my question a bit. Please let me know if this doesn't make sense
– crossfuse999
Nov 12 '18 at 22:02
You didn't explain this very well, but at least the Django server code shows that a cookie is set. Presumably you want the client using server A to be redirected to the/successfulTokenURL, and not have Server B access that URL?
– Martijn Pieters♦
Nov 12 '18 at 22:06
put differently: why are you redirecting the client that connects to Server A to Server B?
– Martijn Pieters♦
Nov 12 '18 at 22:07
The 'request context' here is the cookie that Django passed along with the response, andr.urldoesn't include the cookie.
– Martijn Pieters♦
Nov 12 '18 at 22:07
add a comment |
I have a Server A that makes a POST request to Server B using python's request module (r = request.post(url=url)). Server B modifies the request and returns a response with a redirect to a url. I can access the redirected url by doing a redirect(r.url) on Server A but I need to pass the modified request context along with it. Is this possible?
Scenario:
Server A is running on python Flask.
r = requests.post(url='https://serverb.com/validateToken', data='token':'abc')
redirect(r.url)
Server B is running on python Django.
def validateToken(request):
# On successful validation
request.session[key] = mapped_token_to_user_id
redirect('/successfulToken') # On server B
When accessing /successfulToken, Server B checks to see if session exists on request object but because of the redirects, the request is naked.
python flask python-requests
edited Nov 12 '18 at 22:04
Martijn Pieters♦
719k14025092319
asked Nov 12 '18 at 21:45
crossfuse999crossfuse999
508
I have a Server A that makes a POST request to Server B using python's request module (r = request.post(url=url)). Server B modifies the request and returns a response with a redirect to a url. I can access the redirected url by doing a redirect(r.url) on Server A but I need to pass the modified request context along with it. Is this possible?
Scenario:
Server A is running on python Flask.
r = requests.post(url='https://serverb.com/validateToken', data='token':'abc')
redirect(r.url)
Server B is running on python Django.
def validateToken(request):
# On successful validation
request.session[key] = mapped_token_to_user_id
redirect('/successfulToken') # On server B
When accessing /successfulToken, Server B checks to see if session exists on request object but because of the redirects, the request is naked.
python flask python-requests
python flask python-requests
edited Nov 12 '18 at 22:04
Martijn Pieters♦
719k14025092319
asked Nov 12 '18 at 21:45
crossfuse999crossfuse999
508
edited Nov 12 '18 at 22:04
Martijn Pieters♦
719k14025092319
asked Nov 12 '18 at 21:45
crossfuse999crossfuse999
508
edited Nov 12 '18 at 22:04
Martijn Pieters♦
719k14025092319
edited Nov 12 '18 at 22:04
Martijn Pieters♦
719k14025092319
edited Nov 12 '18 at 22:04
Martijn Pieters♦
719k14025092319
719k14025092319
asked Nov 12 '18 at 21:45
crossfuse999crossfuse999
508
asked Nov 12 '18 at 21:45
crossfuse999crossfuse999
508
asked Nov 12 '18 at 21:45
crossfuse999crossfuse999
508
508
What is the 'request context' here? Are you using Django or Flask or another web server framework here?
– Martijn Pieters♦
Nov 12 '18 at 21:48
I edited the question to the scenario I'm facing... I hope this clarifies my question a bit. Please let me know if this doesn't make sense
– crossfuse999
Nov 12 '18 at 22:02
You didn't explain this very well, but at least the Django server code shows that a cookie is set. Presumably you want the client using server A to be redirected to the/successfulTokenURL, and not have Server B access that URL?
– Martijn Pieters♦
Nov 12 '18 at 22:06
put differently: why are you redirecting the client that connects to Server A to Server B?
– Martijn Pieters♦
Nov 12 '18 at 22:07
The 'request context' here is the cookie that Django passed along with the response, andr.urldoesn't include the cookie.
– Martijn Pieters♦
Nov 12 '18 at 22:07
add a comment |
What is the 'request context' here? Are you using Django or Flask or another web server framework here?
– Martijn Pieters♦
Nov 12 '18 at 21:48
I edited the question to the scenario I'm facing... I hope this clarifies my question a bit. Please let me know if this doesn't make sense
– crossfuse999
Nov 12 '18 at 22:02
You didn't explain this very well, but at least the Django server code shows that a cookie is set. Presumably you want the client using server A to be redirected to the/successfulTokenURL, and not have Server B access that URL?
– Martijn Pieters♦
Nov 12 '18 at 22:06
put differently: why are you redirecting the client that connects to Server A to Server B?
– Martijn Pieters♦
Nov 12 '18 at 22:07
The 'request context' here is the cookie that Django passed along with the response, andr.urldoesn't include the cookie.
– Martijn Pieters♦
Nov 12 '18 at 22:07
What is the 'request context' here? Are you using Django or Flask or another web server framework here?
– Martijn Pieters♦
Nov 12 '18 at 21:48
What is the 'request context' here? Are you using Django or Flask or another web server framework here?
– Martijn Pieters♦
Nov 12 '18 at 21:48
I edited the question to the scenario I'm facing... I hope this clarifies my question a bit. Please let me know if this doesn't make sense
– crossfuse999
Nov 12 '18 at 22:02
I edited the question to the scenario I'm facing... I hope this clarifies my question a bit. Please let me know if this doesn't make sense
– crossfuse999
Nov 12 '18 at 22:02
You didn't explain this very well, but at least the Django server code shows that a cookie is set. Presumably you want the client using server A to be redirected to the
/successfulToken URL, and not have Server B access that URL?– Martijn Pieters♦
Nov 12 '18 at 22:06
You didn't explain this very well, but at least the Django server code shows that a cookie is set. Presumably you want the client using server A to be redirected to the
/successfulToken URL, and not have Server B access that URL?– Martijn Pieters♦
Nov 12 '18 at 22:06
put differently: why are you redirecting the client that connects to Server A to Server B?
– Martijn Pieters♦
Nov 12 '18 at 22:07
put differently: why are you redirecting the client that connects to Server A to Server B?
– Martijn Pieters♦
Nov 12 '18 at 22:07
The 'request context' here is the cookie that Django passed along with the response, and
r.url doesn't include the cookie.– Martijn Pieters♦
Nov 12 '18 at 22:07
The 'request context' here is the cookie that Django passed along with the response, and
r.url doesn't include the cookie.– Martijn Pieters♦
Nov 12 '18 at 22:07
add a comment |
1 Answer
1
active
oldest
votes
The Django server will have set a cookie to identify the client associated with the session:
request.session[key] = mapped_token_to_user_id
See the Django session documentation:
The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis. It stores data on the server side and abstracts the sending and receiving of cookies. Cookies contain a session ID [...]
You then redirect the browser connected to Server A to the URL returned from Server B, but you discard the cookie information. The client connecting to Server A doesn't have the cookie, so it won't pass this on to Server B.
And unless Server B is on the same domain as Server A, you can't pass that cookie along to the client. Browsers will not send cookies received from one domain to another domain; cookies for stackoverflow.com should not be shared with, say, google.com, that would be a really big security issue if they did.
So if Server A and Server B are on two different domains (e.g. foo.bar.example for server A and spam.ham.example for server B) then there is no path for you to pass along the cookie to the client as you redirect the client to server B. In that case you must have Server A directly connect to the new Server B URL, passing along the cookie from the response.
If Server A and Server B do share a domain (foo.bar.example and spam.bar.example share .bar.example as the domain name), then you can set a cookie for that shared domain name (with a . prefix on the name) to tell the client that it can share this cookie with all servers in the same domain name.
Either way, you need to extract the session cookie; the default name used by Django is sessionid:
session_cookie = r.cookies['sessionid']
If you are going to connect to the new URL from server A, you need to add that cookie to the outgoing request (requests.get(url, cookies='sessionid': session_cookie).
If you are going to give it to the client on a redirect, set it on the response before you return it:
response = redirect(r.url)
response.set_cookie('sessionid', session_cookie, domain='.bar.example')
return response
answered Nov 12 '18 at 22:21
Martijn Pieters♦Martijn Pieters
719k14025092319
Thank you for illustrating this concept so well. It is definitely because these two servers don't share the same domain so I am unable to see the cookie set... Also, it is unfortunate but I have this setup due to the hoops I had to jump through revolving GAE Standard cons which required a Flex setup.
– crossfuse999
Nov 12 '18 at 22:44
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53270559%2freturn-request-context-after-requests-post%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The Django server will have set a cookie to identify the client associated with the session:
request.session[key] = mapped_token_to_user_id
See the Django session documentation:
The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis. It stores data on the server side and abstracts the sending and receiving of cookies. Cookies contain a session ID [...]
You then redirect the browser connected to Server A to the URL returned from Server B, but you discard the cookie information. The client connecting to Server A doesn't have the cookie, so it won't pass this on to Server B.
And unless Server B is on the same domain as Server A, you can't pass that cookie along to the client. Browsers will not send cookies received from one domain to another domain; cookies for stackoverflow.com should not be shared with, say, google.com, that would be a really big security issue if they did.
So if Server A and Server B are on two different domains (e.g. foo.bar.example for server A and spam.ham.example for server B) then there is no path for you to pass along the cookie to the client as you redirect the client to server B. In that case you must have Server A directly connect to the new Server B URL, passing along the cookie from the response.
If Server A and Server B do share a domain (foo.bar.example and spam.bar.example share .bar.example as the domain name), then you can set a cookie for that shared domain name (with a . prefix on the name) to tell the client that it can share this cookie with all servers in the same domain name.
Either way, you need to extract the session cookie; the default name used by Django is sessionid:
session_cookie = r.cookies['sessionid']
If you are going to connect to the new URL from server A, you need to add that cookie to the outgoing request (requests.get(url, cookies='sessionid': session_cookie).
If you are going to give it to the client on a redirect, set it on the response before you return it:
response = redirect(r.url)
response.set_cookie('sessionid', session_cookie, domain='.bar.example')
return response
answered Nov 12 '18 at 22:21
Martijn Pieters♦Martijn Pieters
719k14025092319
Thank you for illustrating this concept so well. It is definitely because these two servers don't share the same domain so I am unable to see the cookie set... Also, it is unfortunate but I have this setup due to the hoops I had to jump through revolving GAE Standard cons which required a Flex setup.
– crossfuse999
Nov 12 '18 at 22:44
add a comment |
The Django server will have set a cookie to identify the client associated with the session:
request.session[key] = mapped_token_to_user_id
See the Django session documentation:
The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis. It stores data on the server side and abstracts the sending and receiving of cookies. Cookies contain a session ID [...]
You then redirect the browser connected to Server A to the URL returned from Server B, but you discard the cookie information. The client connecting to Server A doesn't have the cookie, so it won't pass this on to Server B.
And unless Server B is on the same domain as Server A, you can't pass that cookie along to the client. Browsers will not send cookies received from one domain to another domain; cookies for stackoverflow.com should not be shared with, say, google.com, that would be a really big security issue if they did.
So if Server A and Server B are on two different domains (e.g. foo.bar.example for server A and spam.ham.example for server B) then there is no path for you to pass along the cookie to the client as you redirect the client to server B. In that case you must have Server A directly connect to the new Server B URL, passing along the cookie from the response.
If Server A and Server B do share a domain (foo.bar.example and spam.bar.example share .bar.example as the domain name), then you can set a cookie for that shared domain name (with a . prefix on the name) to tell the client that it can share this cookie with all servers in the same domain name.
Either way, you need to extract the session cookie; the default name used by Django is sessionid:
session_cookie = r.cookies['sessionid']
If you are going to connect to the new URL from server A, you need to add that cookie to the outgoing request (requests.get(url, cookies='sessionid': session_cookie).
If you are going to give it to the client on a redirect, set it on the response before you return it:
response = redirect(r.url)
response.set_cookie('sessionid', session_cookie, domain='.bar.example')
return response
answered Nov 12 '18 at 22:21
Martijn Pieters♦Martijn Pieters
719k14025092319
Thank you for illustrating this concept so well. It is definitely because these two servers don't share the same domain so I am unable to see the cookie set... Also, it is unfortunate but I have this setup due to the hoops I had to jump through revolving GAE Standard cons which required a Flex setup.
– crossfuse999
Nov 12 '18 at 22:44
add a comment |
The Django server will have set a cookie to identify the client associated with the session:
request.session[key] = mapped_token_to_user_id
See the Django session documentation:
The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis. It stores data on the server side and abstracts the sending and receiving of cookies. Cookies contain a session ID [...]
You then redirect the browser connected to Server A to the URL returned from Server B, but you discard the cookie information. The client connecting to Server A doesn't have the cookie, so it won't pass this on to Server B.
And unless Server B is on the same domain as Server A, you can't pass that cookie along to the client. Browsers will not send cookies received from one domain to another domain; cookies for stackoverflow.com should not be shared with, say, google.com, that would be a really big security issue if they did.
So if Server A and Server B are on two different domains (e.g. foo.bar.example for server A and spam.ham.example for server B) then there is no path for you to pass along the cookie to the client as you redirect the client to server B. In that case you must have Server A directly connect to the new Server B URL, passing along the cookie from the response.
If Server A and Server B do share a domain (foo.bar.example and spam.bar.example share .bar.example as the domain name), then you can set a cookie for that shared domain name (with a . prefix on the name) to tell the client that it can share this cookie with all servers in the same domain name.
Either way, you need to extract the session cookie; the default name used by Django is sessionid:
session_cookie = r.cookies['sessionid']
If you are going to connect to the new URL from server A, you need to add that cookie to the outgoing request (requests.get(url, cookies='sessionid': session_cookie).
If you are going to give it to the client on a redirect, set it on the response before you return it:
response = redirect(r.url)
response.set_cookie('sessionid', session_cookie, domain='.bar.example')
return response
answered Nov 12 '18 at 22:21
Martijn Pieters♦Martijn Pieters
719k14025092319
The Django server will have set a cookie to identify the client associated with the session:
request.session[key] = mapped_token_to_user_id
See the Django session documentation:
The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis. It stores data on the server side and abstracts the sending and receiving of cookies. Cookies contain a session ID [...]
You then redirect the browser connected to Server A to the URL returned from Server B, but you discard the cookie information. The client connecting to Server A doesn't have the cookie, so it won't pass this on to Server B.
And unless Server B is on the same domain as Server A, you can't pass that cookie along to the client. Browsers will not send cookies received from one domain to another domain; cookies for stackoverflow.com should not be shared with, say, google.com, that would be a really big security issue if they did.
So if Server A and Server B are on two different domains (e.g. foo.bar.example for server A and spam.ham.example for server B) then there is no path for you to pass along the cookie to the client as you redirect the client to server B. In that case you must have Server A directly connect to the new Server B URL, passing along the cookie from the response.
If Server A and Server B do share a domain (foo.bar.example and spam.bar.example share .bar.example as the domain name), then you can set a cookie for that shared domain name (with a . prefix on the name) to tell the client that it can share this cookie with all servers in the same domain name.
Either way, you need to extract the session cookie; the default name used by Django is sessionid:
session_cookie = r.cookies['sessionid']
If you are going to connect to the new URL from server A, you need to add that cookie to the outgoing request (requests.get(url, cookies='sessionid': session_cookie).
If you are going to give it to the client on a redirect, set it on the response before you return it:
response = redirect(r.url)
response.set_cookie('sessionid', session_cookie, domain='.bar.example')
return response
answered Nov 12 '18 at 22:21
Martijn Pieters♦Martijn Pieters
719k14025092319
answered Nov 12 '18 at 22:21
Martijn Pieters♦Martijn Pieters
719k14025092319
answered Nov 12 '18 at 22:21
Martijn Pieters♦Martijn Pieters
719k14025092319
answered Nov 12 '18 at 22:21
Martijn Pieters♦Martijn Pieters
719k14025092319
719k14025092319
Thank you for illustrating this concept so well. It is definitely because these two servers don't share the same domain so I am unable to see the cookie set... Also, it is unfortunate but I have this setup due to the hoops I had to jump through revolving GAE Standard cons which required a Flex setup.
– crossfuse999
Nov 12 '18 at 22:44
add a comment |
Thank you for illustrating this concept so well. It is definitely because these two servers don't share the same domain so I am unable to see the cookie set... Also, it is unfortunate but I have this setup due to the hoops I had to jump through revolving GAE Standard cons which required a Flex setup.
– crossfuse999
Nov 12 '18 at 22:44
Thank you for illustrating this concept so well. It is definitely because these two servers don't share the same domain so I am unable to see the cookie set... Also, it is unfortunate but I have this setup due to the hoops I had to jump through revolving GAE Standard cons which required a Flex setup.
– crossfuse999
Nov 12 '18 at 22:44
Thank you for illustrating this concept so well. It is definitely because these two servers don't share the same domain so I am unable to see the cookie set... Also, it is unfortunate but I have this setup due to the hoops I had to jump through revolving GAE Standard cons which required a Flex setup.
– crossfuse999
Nov 12 '18 at 22:44
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53270559%2freturn-request-context-after-requests-post%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What is the 'request context' here? Are you using Django or Flask or another web server framework here?
– Martijn Pieters♦
Nov 12 '18 at 21:48
I edited the question to the scenario I'm facing... I hope this clarifies my question a bit. Please let me know if this doesn't make sense
– crossfuse999
Nov 12 '18 at 22:02
You didn't explain this very well, but at least the Django server code shows that a cookie is set. Presumably you want the client using server A to be redirected to the
/successfulTokenURL, and not have Server B access that URL?– Martijn Pieters♦
Nov 12 '18 at 22:06
put differently: why are you redirecting the client that connects to Server A to Server B?
– Martijn Pieters♦
Nov 12 '18 at 22:07
The 'request context' here is the cookie that Django passed along with the response, and
r.urldoesn't include the cookie.– Martijn Pieters♦
Nov 12 '18 at 22:07