Monday, January 28, 2013

Re: how can i prevent a user from viewing a page without using the django @login decorator

Hi Emmanuel,

Also in a similar thought like Siddharth mentioned, what is your definition of valid credentials? If valid credentials means a username and password, then you will need to use sessions to check if the user is authenticated. Basically you store a value in the session when authentication is successful and you check for that value in your target view.

If by valid credentials, you mean ensuring that the user is navigating from the source view, you could look into checking the value of the Referer header just before granting access. It should match with the source view url.

HTH

On Jan 28, 2013 10:45 AM, "Siddharth Ghumre" <siddharth.ghumre92@gmail.com> wrote:
Hi

Are you storing the user data in some database table?
If yes, then you can search for the logged in user with the user data
present in database table.
If you don't find a match then you can send to some error page or re-login page.

-Siddharth
On Mon, Jan 28, 2013 at 8:32 AM, Okorie Emmanuel <nickson1277@gmail.com> wrote:
> I have a form that redirects a user to another page
> when it validates
>
>
> but again I discover that a user can view that page by typing it on his
> or her URL
> without following the normal process of validation
>
> how can I stop this, how can I force a user to see that redirect page only
> when he/she comes only from the main form page, what I mean is a user
> can only be redirected to the accept page only when he has the valid
> credentials
> otherwise he/she cannot view the accept page even if he entered the correct
> URL
> on his browser.
>
>  I intend doing that without django @login decorator
>  thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscribe@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
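
The two checks suggested in the reply at the top of this thread, side by side, as an added example that is not part of the original messages. The session key, URLs, the `code == "valid"` test (standing in for `form.is_valid()`), the tuple return values (standing in for Django responses) and `make_request` are assumptions; the gates read only `request.session` and `request.META`, which Django's request object also provides. The Referer header is supplied by the client, so only the session flag reflects something the server itself recorded.

```python
from functools import wraps
from types import SimpleNamespace

SESSION_KEY = "accept_form_ok"  # hypothetical session key name
FORM_URL = "/form/"             # hypothetical URL of the form view

def form_view(request):
    """Source view: set the flag only after server-side validation succeeds."""
    if request.method == "POST" and request.POST.get("code") == "valid":
        request.session[SESSION_KEY] = True
        return ("redirect", "/accept/")
    return ("render", "form")

def session_gate(view):
    """Allow the view only if form_view stored the flag in this session."""
    @wraps(view)
    def wrapper(request):
        # pop() makes the pass single-use: a reload must go through the form again
        if not request.session.pop(SESSION_KEY, False):
            return ("redirect", FORM_URL)
        return view(request)
    return wrapper

def referer_gate(view):
    """Referer variant: trusts a request header that the client controls."""
    @wraps(view)
    def wrapper(request):
        if not request.META.get("HTTP_REFERER", "").endswith(FORM_URL):
            return ("redirect", FORM_URL)
        return view(request)
    return wrapper

def accept_page(request):
    return ("render", "accept")

def make_request(method="GET", post=None, referer=None, session=None):
    """Constructed stand-in exposing the request attributes used above."""
    meta = {"HTTP_REFERER": referer} if referer else {}
    return SimpleNamespace(method=method, POST=post or {}, META=meta,
                           session={} if session is None else session)
```

In a real project the same wrapper can be applied to the accept view with Django's session middleware enabled; whether the flag should be single-use or last for the session is a design choice.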
