I have a site that allows Facebook authentication using django-social-auth
Now I also need to authenticate using a non-cookie-based API. My idea is to include a "sessionid=" as a POST field (it will be using HTTPS). So far I managed to "fool" django to access this sessionid as if it were a cookie (I basically do something like request.COOKIES['sessionid'] = request.POST['sessionid'] in a middleware).
My problem is how to give the sessionid to the user right after he authenticated. From what I could find out, facebook gives the user an "access token" which is then sent to /complete/facebook/ , which is processed by django-social-auth and returns a "Set-cookie" header containing the "sessionid" key. But instead of that, I'd need it to return the sessionid key as a json in the page content (the API client can't read http response header).