Friday, September 30, 2011

Re: set_test_cookie() on every page?

While this is not directly your question, if you want to do something
on literally every view, the easiest way to do it would most likely be
to add a custom middleware with a process_request or process_response
method.

More to the point, you should not call set_test_cookie on every view -
in the example on the Django docs, the view calls set_test_cookie()
then checks for success only if the request method is POST, and if it
worked, the logic is short-circuited by a return. So effectively, the
workflow for that page goes like this:

- user requests login page with method GET
- set_test_cookie is called on view
- user receives page and Set-Cookie header
- user logs in, sending form data with POST
- view sees user requesting with POST and checks for existence of
  cookie
- if it fails, it tells the user to enable cookies.
- otherwise, user is logged in (and the cookie should have been
  deleted, but it's not a major problem)

As the user should request the page normally (a GET) before they log
in (a POST), you should be able to detect whether they have cookies
enabled. There is a weakness in this logic - if the user POSTs
directly to the page, they may not have the test cookie set, but even
if you call set_test_cookie on every view, this won't close that.


On Sep 29, 8:49 pm, Victor Hooi <victorh...@gmail.com> wrote:
> Hi,
>
> I've read the Django docs on setting test cookies
> (https://docs.djangoproject.com/en/dev/topics/http/sessions/#setting-t...),
> and I'm still a bit confused.
>
> One of our views sets a session variable to remember the object a user is
> currently viewing (we figured it wasn't worth storing in the database for
> this).
>
> Should I put set_test_cookie() on every view? That seems a bit
> silly/redundant.
>
> However, if I only put it on the view that sets the session variable,
> doesn't that mean the user has to visit that page twice - once to set the
> cookie, and (since the if test will fail that first time) again to verify it
> was set? How will the user even know to do that?
>
> Do people actually check for the test cookie these days, or do they just
> assume it's set?
>
> But then if we call delete_test_cookie(), doesn't that mean we have to set
> it all over again if the user needs to set the session variable again? Or
> should we not call delete_test_cookie()?
>
> Cheers,
> Victor

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
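
The GET-then-POST workflow from the reply above, modelled in plain Python as an added example (not code from the thread or from Django). `StubSession`, `Client`, `login_view` and `run` are hypothetical names, and the stub only mirrors the three session method names (`set_test_cookie`, `test_cookie_worked`, `delete_test_cookie`) with a constructed cookie key and value.

```python
# Added example: a plain-Python model of the test-cookie login flow.
# StubSession is a constructed stand-in for request.session, not Django code.

class StubSession(dict):
    """Session data that persists only if the client sends cookies back."""
    def set_test_cookie(self):
        self["testcookie"] = "worked"          # constructed key and value
    def test_cookie_worked(self):
        return self.get("testcookie") == "worked"
    def delete_test_cookie(self):
        del self["testcookie"]

def login_view(method, session):
    """Hypothetical login view; returns the text the user would see."""
    if method == "POST":
        if session.test_cookie_worked():
            session.delete_test_cookie()       # one-shot: clean up on success
            session["logged_in"] = True
            return "logged in"
        return "please enable cookies"         # short-circuit, nothing is set
    # Any non-POST request: plant the test cookie and show the form.
    session.set_test_cookie()
    return "login form"

class Client:
    """Constructed client. With cookies off, no session id is ever returned,
    so the server sees a fresh, empty session on every request."""
    def __init__(self, cookies_enabled):
        self.cookies_enabled = cookies_enabled
        self.session = StubSession()
    def request(self, method):
        if not self.cookies_enabled:
            self.session = StubSession()
        return login_view(method, self.session)

def run(cookies_enabled, methods):
    """Replay a sequence of HTTP methods and collect the responses."""
    client = Client(cookies_enabled)
    return [client.request(m) for m in methods]

if __name__ == "__main__":
    print(run(True, ["GET", "POST"]))    # normal flow
    print(run(False, ["GET", "POST"]))   # cookies disabled
    print(run(True, ["POST"]))           # direct POST, no prior GET
```

The third call is the weakness the reply mentions: a client that POSTs without first loading the form is told to enable cookies even though it accepts them.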
