Overrides current user based on host prefix. For example any request to 5.user.example.com (format can be changed in settings) becomes request as if you were logged in as user with ID 5. This allows you to be logged in as different users in different tabs at the same time without losing your primary authenticated user.

Works only if you're logged in as superuser by default (can be changed in settings).

Also gives you big red banner on top of every page if your user is overridden.

• Your DNS server should resolve subdomains *.user.<your domain> to the same IP address as main domain.
• Your project should not use absolute link generation or any other technic that can change current subdomain. It is a more inconvenience than requirement though.

1. Install the package from PyPI: pip install django-host-user-override

2. Add host_user_override to INSTALLED_APPS:

INSTALLED_APPS = [
   ...,
   'host_user_override',
   ...,
]

3. Add HostUserOverrideMiddleware right after AuthenticationMiddleware:

MIDDLEWARE = [
   ...,
   'django.contrib.auth.middleware.AuthenticationMiddleware',
   'host_user_override.middleware.HostUserOverrideMiddleware',
   ...,
]

4. Update your settings.py file to support subdomains (don't forget about DNS as well):

ALLOWED_HOSTS = ['.example.com']

SESSION_COOKIE_DOMAIN = '.example.com'

5. Set new change_form.html template in UserAdmin:

admin.site.unregister(User)

@admin.register(User)
class CustomUserAdmin(UserAdmin):
    change_form_template = 'host_user_override/change_form.html'

6. Update settings.py if you want host pattern other than <id>.user.<domain>. Example for u<id>.<domain>:

HOSTUSEROVERRIDE_HOST_REGEXP = r'u(\d+)\..+'

HOSTUSEROVERRIDE_HOST_SUB_REGEXP = r'u\d+\.'

HOSTUSEROVERRIDE_REDIRECT_URL_FORMAT = 'http://u{user_id}.{host}/'

HOSTUSEROVERRIDE_PERMANENT_REDIRECT = False

7. Set HOSTUSEROVERRIDE_PERMISSION_CHECK to customize required permissions. Should be function that takes 2 positional arguments: current user and desired user.

8. Set HOSTUSEROVERRIDE_FORCE_ACTIVE to force overriden user to be active even when he is actually disabled.

Open any non-superuser in Django Admin and press 'Login as multiuser' button.

This project is licensed under the MIT License - see the LICENSE file for details.

• Props to django-debug-toolbar team for HTML injection code
• Thanks to @dimoha for original idea