I have a site that allows Facebook authentication using django-social-auth

Now I also need to authenticate using a non-cookie-based API. My idea is to include a "sessionid=" as a POST field (it will be using HTTPS). So far I managed to "fool" django to access this sessionid as if it were a cookie (I basically do something like request.COOKIES['sessionid'] = request.POST['sessionid'] in a middleware).

My problem is how to give the sessionid to the user right after he authenticated. From what I could find out, facebook gives the user an "access token" which is then sent to /complete/facebook/ , which is processed by django-social-auth and returns a "Set-cookie" header containing the "sessionid" key. But instead of that, I'd need it to return the sessionid key as a json in the page content (the API client can't read http response header).

Seems like a challenge. But perhaps you can make use of a save signal that fires a Comet event with the required JSON. As a starting point an old version of the django-social-auth doc seems to mention signals.

https://django-social-auth.readthedocs.org/en/v0.7.1/signals.html

However a better approach may be to skip django-social-auth all together and go for a python social auth. The documentation itselfs says: "NOTE: THIS LIBRARY IS DEPRECATED IN FAVOR OF python-social-auth."