Hello everyone, Django newbie here, so please forgive me if this has been asked before but I haven't been able to find it.
I am using django-registration with Django 1.6 and I can register a user, log a user in and out fine using /accounts/login and /accounts/logout urls. After the user logs in, he is redirected to a url which serves a page with a javascript (qooxdoo app) based GUI. This app requests a Django view (issuing a GET) that requires an authenticated user and returns a forbidden 403 for unauthenticated users. The problem is that I keep getting forbidden 403. Having looked around it seems that it is because this request does not include the sessionid cookie which is an http only cookie. I know it is possible to change that in Django settings but it sounds unappealing. So what is the correct way for javascript to request protected views from Django after user authentication? Thanks -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/bb0d2176-d58a-4981-8caf-0ffa36a25c71%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
