问题
I have a couple of python 3.6 Flask apps running on my apache server using WSGI.
There are 2 different apps running on the same apache server:www.example.com/lodgewww.example.com/dashboard
Both apps have a unique app.secret_key
The /dashboard app is a flask app with its own set of routes:/dashboard/login/dashboard/orders/dashboard/staff
The login route calls session.clear() and lets the user enter their login information. A logged in token then gets stored in a session variable.
Both the /dashboard/orders and dashboard/staff routes have a decorator which checks for the existence of the logged in token in session and redirects to the login route if it does not exists.
The /lodge app is another simple Flask app with its own routes:/lodge/welcome/lodge/personal/lodge/review/lodge/confirmation
The welcome route also calls session.clear() and then displays a webform. When the user submits the webform, the personal route is called which stores those webform input values into session.
The issue that I am having is if I navigate to www.example.com/dashboard/login and login, I can then flick between the staff and orders routes no problems at all, however when I then open a new tab and go to www.example.com/lodge/welcome (which then calls session.clear) and then reopen the dashboard tab and try to go to the staff or orders route, I get redirected back to the login route as the session has been cleared.
httpd.conf:
<VirtualHost *:80>
WSGIScriptAlias /newapp "c:/lodge/lodge.wsgi"
<Directory "c:/lodge">
Require all granted
</Directory>
WSGIScriptAlias /dashboard "c:/dashboard/dashboard.wsgi"
<Directory "c:/dashboard">
Require all granted
</Directory>
</VirtualHost>
Side note, this does not happen if I access the dashboard app on http://example.com/dashboard and the lodge app on http://www.example.com/lodge
回答1:
Side note, this does not happen if I access the dashboard app on http://example.com/dashboard and the lodge app on http://www.example.com/lodge
This is actually the reason why you are seeing this behavior. Cookies are bound to domains and not paths.
Once you set a cookie at example.com, it is valid for all links, paths and URLs for that domain. It is not valid for www.example.com - this explains why it works if you run one of your apps on a different subdomain.
So what you are seeing is the proper behavior.
回答2:
Try to use virtual environments. It seems that your flask apps running in one python execution thread. Here you can find, how to run your app(s) in a virtual environment.
回答3:
Answering my own question here.
I achieved multiple applications on the same apache server quite easily by changing the app configs for both apps. No virtual enviroments or tinkering with wsgi scripts needed!
Lodge app:
app = Flask(__name__)
app.config.from_object(__name__)
app.config.update(
SESSION_COOKIE_NAME = 'session_lodge',
SESSION_COOKIE_PATH = '/lodge/'
)
Dashboard app:
app = Flask(__name__)
app.config.from_object(__name__)
app.config.update(
SESSION_COOKIE_NAME = 'session_db',
SESSION_COOKIE_PATH = '/dashboard/'
)
The answeres by @m-dennis and @burhan-khalid porivded some insight to the problem so thanks for that!
Having multiple sub domains was not an option for me and I encountered the same issue when having both apps run in their own virtual enviroments.
来源:https://stackoverflow.com/questions/45475993/multiple-python-flask-apps-on-single-apache-server-losing-sessions-when-session