Hi,

If you type your password wrong, user will be None, and your code will then 
redirect to the "register" page.

If you press "back" after a successful login, the CSRF token will be out of 
date and the form won't work.

Are you caching any pages?

Collin

On Friday, November 28, 2014 12:55:35 AM UTC-5, Rootz wrote:
>
> I have a django app but I having problems with my login views and logout 
> views. I do not have a html template designated to handle user login/logout 
> view.
> Django project is configured as follows:
>
> INSTALLED_APPS 
> <https://docs.djangoproject.com/en/1.7/ref/settings/#std:setting-INSTALLED_APPS>
>  setting:
>
>    1. 'django.contrib.auth' contains the core of the authentication 
>    framework, and its default models.
>    2. 'django.contrib.contenttypes' is the Django *content type system* 
>    <https://docs.djangoproject.com/en/1.7/ref/contrib/contenttypes/>, 
>    which allows permissions to be associated with models you create.
>    3. 'django.contrib.sessions',
>    
>  MIDDLEWARE_CLASSES 
> <https://docs.djangoproject.com/en/1.7/ref/settings/#std:setting-MIDDLEWARE_CLASSES>
>  setting:
>
>    1. SessionMiddleware 
>    
> <https://docs.djangoproject.com/en/1.7/ref/middleware/#django.contrib.sessions.middleware.SessionMiddleware>
>     manages *sessions* 
>    <https://docs.djangoproject.com/en/1.7/topics/http/sessions/> across 
>    requests.
>    2. AuthenticationMiddleware 
>    
> <https://docs.djangoproject.com/en/1.7/ref/middleware/#django.contrib.auth.middleware.AuthenticationMiddleware>
>  associates 
>    users with requests using sessions.
>    3. csrf.CsrfViewMiddleware 
>
>
> Using Django Template Language and Template inheritance. The login form is 
> on the base template on other templates extends from this base template.
>
> All my login attempts result in some of the views rendering the user info 
> (username to welcome user back) while other views rendering the page as if 
> the user is an anonymous user. If I try to login in again I get an error 
> page stating that there is a missing csrf token or incorrect. Adding to 
> this I have identified many instances where I have tried to logout and it 
> does not seem to log me out because it is still showing the last user login 
> info. For my base template I have hard coded the form (meaning not using 
> Django Form class).
>
> Can You identify the possible fault in how i am implementing the login and 
> logout views?
>
>  
>  Here is a copy of my login and logout views
>
> def members_login(request):
>
>     if request.method == 'POST':
>         password = request.POST['password']
>         username = request.POST['username']
>         user = authenticate(username=username,password=password)
>
>         if user is not None:
>             if user.is_active:
>                 login(request,user)
>                 return redirect('members:index')
>             else:
>                 #inactive users required to re-register
>                 return redirect('members:index')
>         else:
>             #no account required to register to create one
>             return redirect('members:register')
>     
>     else:
>         #test if login is a regular get request then redirect
>         return HttpResponseRedirect(reverse('members:index'))
>
>
> def members_logout(request):
>     logout(request)
>     return redirect('members:index')
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/c106f934-66a0-4f60-b1b4-05095b9adf73%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to