I'm developing an application for Bitrix24 and I'm having a problem with sessions.
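```python
from django.shortcuts import render
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.csrf import csrf_exempt


@method_decorator(csrf_exempt, name='dispatch')
class IndexView(View):
    r'''Index View.'''

    def get(self, request):
        r'''Manages Bitrix24 authentication redirect.'''
        return render(request, 'frontend/index.html')

    # POST working as GET because Bitrix24 does not GET the homepage.
    def post(self, request):
        r'''Renders the home page and stores Bitrix24 domain in session.'''
        # DOMAIN is read from the query string of the POST request.
        request.session['bitrix24_domain'] = request.GET.get('DOMAIN')
        return render(request, 'frontend/index.html')
```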
As soon as the user goes to another view, the session is gone, completely. It also happens locally: if I set a key in the session and try to retrieve it from another page, all data is lost too.
I'm currently using Django's default settings, along with rest-framework.
Can anyone help?
EDIT
I tried using `self.request.session` and it worked, but it doesn't make sense to me. Can anyone explain?
EDIT
I've noticed that I can't log in users while my app is in an iframe inside Bitrix24, for example. How do I store things in session in this case?
Django CSP (`pip install django-csp`) along with `SESSION_COOKIE_SAMESITE = None` does the trick.
For django-csp:
```python
CSP_DEFAULT_SRC = ["'self'"]
CSP_FRAME_ANCESTORS = ["'self'", 'https://*.example.com']
```
This would allow the Django app to be displayed in all example.com subdomains.
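To see why the session cookie disappears inside the Bitrix24 iframe, the sketch below builds the `Set-Cookie` value that different `SESSION_COOKIE_SAMESITE` / `SESSION_COOKIE_SECURE` pairs would produce and applies the Lax-by-default SameSite rule of Chromium-based browsers to it. It is an added example, not code from the question or the answer; the function names and the cookie value are constructed, and it assumes Django 3.1+ behaviour, where only the string `'None'` emits `SameSite=None` and a falsy value omits the attribute.

```python
from http.cookies import SimpleCookie


def build_session_cookie(samesite, secure):
    """Build the Set-Cookie value a (samesite, secure) settings pair yields.

    Assumption (Django 3.1+): a falsy samesite (None/False) emits no
    SameSite attribute; the string 'None' emits SameSite=None.
    """
    jar = SimpleCookie()
    jar["sessionid"] = "constructed-sample-value"  # constructed, not real
    morsel = jar["sessionid"]
    morsel["path"] = "/"
    morsel["httponly"] = True
    if samesite:
        morsel["samesite"] = samesite
    if secure:
        morsel["secure"] = True
    return morsel.OutputString()


def parse_attributes(set_cookie):
    """Return cookie attributes as a lowercase dict; bare flags map to True."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:  # skip the name=value pair
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value if value else True
    return attrs


def sent_in_cross_site_iframe(set_cookie):
    """Model whether the cookie is sent on a request from a cross-site frame.

    Third-party cookie blocking is out of scope; only SameSite is modelled.
    """
    attrs = parse_attributes(set_cookie)
    samesite = str(attrs.get("samesite", "lax")).lower()  # missing => Lax
    if samesite != "none":
        return False, "SameSite=%s: withheld in a cross-site frame" % samesite
    if not attrs.get("secure"):
        return False, "SameSite=None without Secure: cookie rejected"
    return True, "SameSite=None; Secure: sent, over HTTPS only"


if __name__ == "__main__":
    for pair in [(None, False), ("Lax", True), ("None", False), ("None", True)]:
        header = build_session_cookie(*pair)
        print(pair, "->", header, "->", sent_in_cross_site_iframe(header))
```

Only the last pair survives framing, so the session cookie needs both `SameSite=None` and `Secure`, and the same applies to the CSRF cookie if the framed pages post forms.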