Sunday, November 30, 2014

Re: Simple Login Problem

Hi,

If you type your password wrong, user will be None, and your code will then redirect to the "register" page.

If you press "back" after a successful login, the CSRF token will be out of date and the form won't work.

Are you caching any pages?

Collin

On Friday, November 28, 2014 12:55:35 AM UTC-5, Rootz wrote:
I have a Django app but I am having problems with my login views and logout views. I do not have an HTML template designated to handle user login/logout view.
Django project is configured as follows:

INSTALLED_APPS setting:

  1. 'django.contrib.auth' contains the core of the authentication framework, and its default models.
  2. 'django.contrib.contenttypes' is the Django content type system, which allows permissions to be associated with models you create.
  3. 'django.contrib.sessions',

 MIDDLEWARE_CLASSES setting:

  1. SessionMiddleware manages sessions across requests.
  2. AuthenticationMiddleware associates users with requests using sessions.
  3. csrf.CsrfViewMiddleware 

Using Django Template Language and Template inheritance. The login form is on the base template and other templates extend from this base template.

All my login attempts result in some of the views rendering the user info (username to welcome user back) while other views render the page as if the user is an anonymous user. If I try to log in again I get an error page stating that there is a missing or incorrect CSRF token. Adding to this I have identified many instances where I have tried to log out and it does not seem to log me out because it is still showing the last user login info. For my base template I have hard coded the form (meaning not using Django Form class).

Can you identify the possible fault in how I am implementing the login and logout views?


Here is a copy of my login and logout views:

def members_login(request):

    if request.method == 'POST':
        password = request.POST['password']
        username = request.POST['username']
        user = authenticate(username=username,password=password)

        if user is not None:
            if user.is_active:
                login(request,user)
                return redirect('members:index')
            else:
                #inactive users required to re-register
                return redirect('members:index')
        else:
            #no account required to register to create one
            return redirect('members:register')
    
    else:
        #test if login is a regular get request then redirect
        return HttpResponseRedirect(reverse('members:index'))


def members_logout(request):
    logout(request)
    return redirect('members:index')
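
A simplified standard-library model of the stale-CSRF-token behaviour described in the reply above (an added example, not code from this thread or from Django). It assumes a token held in a cookie, compared against the hidden form field, and rotated on successful login; `Browser`, `render_form`, `post_login` and the usernames are hypothetical names constructed for the illustration.

```python
import hmac
import secrets


class Browser:
    """Constructed model of one browser: a CSRF cookie and the logged-in user."""
    def __init__(self):
        self.csrf_cookie = secrets.token_hex(16)
        self.user = None


def render_form(browser):
    """Render the base-template login form; it embeds the token current at render time."""
    return {"csrfmiddlewaretoken": browser.csrf_cookie}


def csrf_ok(browser, form):
    """The form token must match the cookie token (constant-time compare)."""
    return hmac.compare_digest(form.get("csrfmiddlewaretoken", ""), browser.csrf_cookie)


def post_login(browser, form, username):
    """Return an HTTP-like status: 403 on CSRF failure, 302 on successful login."""
    if not csrf_ok(browser, form):
        return 403
    browser.user = username
    browser.csrf_cookie = secrets.token_hex(16)  # token rotated on login
    return 302


def scenarios():
    results = {}
    b = Browser()
    page = render_form(b)  # HTML rendered before login
    results["fresh_form"] = post_login(b, page, "alice")
    # "Back" button: the browser shows the pre-login HTML with the old token.
    results["back_button"] = post_login(b, page, "alice")
    # Reloading the page renders a form with the rotated token.
    results["reloaded"] = post_login(b, render_form(b), "alice")
    # Page cache: HTML rendered for one browser is served to another.
    cached = render_form(b)
    results["cached_page"] = post_login(Browser(), cached, "bob")
    return results


if __name__ == "__main__":
    for name, status in scenarios().items():
        print(f"{name:12s} -> {status}")
```

The `back_button` and `cached_page` cases are the two ways a form can carry a token that no longer matches the browser's cookie, which is why the reply asks about caching.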
