Multiple django session tables

Time:11-12

An application requires two user models for authentication. The first is the AUTH USER model, which has name, email and password, and the other is the Account model, which has a foreign key relationship with the AUTH USER model. PermissionsMixin is inherited by the Account model, so all the groups and permissions are related to it, rather than to the AUTH USER model.

All the other models and views are associated with the Account model.

User registration is done once using the AUTH USER model. But login should happen in the following stages.

  1. Session authentication for the AUTH USER model with email and password, which will return a session cookie (say, auth cookie). The only purpose of this cookie is to remember the user until he logs in using the Account model, and it cannot be used to access anything else.
  2. Using the auth cookie, the user gets the list of accounts from the accounts table associated with his AUTH USER entry.
  3. The user sends the account_id along with the auth cookie.
  4. The backend returns a new session cookie (say, account cookie) for that user account, and the user will have all the permissions associated with that account.

Problem: The Django session framework authenticates only against the AUTH USER model, so how can I create an account session & cookie the second time for the Account model? How can I have multiple session tables for authentication?

CodePudding user response:

Why can't you set your cookie on the current session? I don't quite understand the need for multiple sessions.

You can also extend the database-backed session as you wish: https://docs.djangoproject.com/en/dev/topics/http/sessions/#extending-database-backed-session-engines

Look at the example given there.

CodePudding user response:

I agree with the previous answer, I don't see any need for multiple sessions, whether you have 2 models or a hundred of them. You already have a session object and can check pretty much anything you wish against it: selected account(s), additional password, age confirmation and restrict access through mixins or middleware.
