Shopify_auth Multi Store Session Handling
I am using Django with the shopify_auth package to connect with Shopify.
Does anyone have any examples of how to handle multi store sessions/connections?
So far, I am thinking of modifying shopify_auth's
@login_required decorator with the following, but am unsure if I will miss anything with this:
def login_required(f, redirect_field_name=REDIRECT_FIELD_NAME, login_url=None): @wraps(f) def wrapper(request, *args, **kwargs): if request.user.is_authenticated(): # Extract the Shopify-specific authentication parameters from the current request. new_request_d = [ ... get request.GET params ('shop', etc.) ... ] # Compare current active request.user with new reqeust.GET's 'shop' if request.user != new_request_d['shop']: [ ... do something to change session to the other shop ...] [ ... redirect as necessary .... ] return f(request, *args, **kwargs)
In the shopify_auth module their is an unresolved issue about this.
It hints at using the ruby implementation.
Any help in the right direction would be appreciated.
I've solved the issue in the apps I work on by creating a custom modified
SessionMiddleware that creates and handles separate session cookies per store, and associates requests to their respective shop via (in the following order of precedence):
- Request headers
- URL parameters
I unfortunately can't share the exact implementation due to closed-source agreements/restrictions, however I hope this leads you in the right direction.
Make sure that you still include other security middleware (
SecurityMiddleware) so the user can't spoof your system.
The advantage to this rather than logging the user out is that if you're loading anything via AJAX, going back and forth between tabs of different app installs will always work, and you won't have to worry about implementing weird redirect logic to handle those errors.
- → What are the pluses/minuses of different ways to configure GPIOs on the Beaglebone Black?
- → Django, code inside <script> tag doesn't work in a template
- → React - Django webpack config with dynamic 'output'
- → GAE Python app - Does URL matter for SEO?
- → Put a Rendered Django Template in Json along with some other items
- → session disappears when request is sent from fetch
- → Python Shopify API output formatted datetime string in django template
- → Shopify app: adding a new shipping address via webhook
- → Shopify + Python library: how to create new shipping address
- → shopify python api: how do add new assets to published theme?
- → Access 'HTTP_X_SHOPIFY_SHOP_API_CALL_LIMIT' with Python Shopify Module