How does Django know who the user is? - django

According to the Django documentation, the HttpRequest object has a "user" attribute that represents the currently logged in user if the Django installation has activated AuthenticationMiddleware. How does the request object know what the user is? Does the middleware set the user in a cookie and save that cookie to the client browser after the user logs in? In my code, I save the user's ID (from the auth_user table) to a session variable after they've logged in and I usually examine it on each page. If this information is always available in the request object, I shouldn't need to do this. All I should need to do is examine request.user.id. Is this correct?
Thanks.

Yes, you've got it, except the user data is stored in the session. You're doing redundant work by keeping track of all that yourself - this is something Django is great at!
Check out this documentation on user objects
.. and this article on all of it specifically.

User id is stored not in the cookie but in the session.
And yes, you shouldn't save this data in the session by yourself:
    if request.user.is_authenticated():
        user_id = request.user.id
If the view should be available to logged-in users only, then instead of checking request.user.is_authenticated(), use the @login_required decorator.

Related

Django: How to trigger a session 'save' of form data when clicking a non-submit link

I know that if you want to store form information to the session during a submit, you do it with the 'def post' in your view. However, I cannot figure out how to store form information when a random link, e.g. 'homepage', is clicked.
How would you go about storing form information when a user clicks away from the form?
To store information in the session, you don't really need to post or submit some kind of form. You can do it anywhere you have the request, using its session attribute.
The session is a dict-like object, and you can save any basic types (str, int, float) there if you use Django's basic configuration, like so:
    request.session["data1"] = "my data stored in session"
    request.session.get("data2")
Also, please note that you may have no session directly accessible, since Django won't automatically create a session for you. In fact, to resolve the issue you could "initialize" it with: request.session.save()
Please take a look at the official documentation.

Guest Checkout in django

I am currently developing guest checkout in Django as I don't want to use django-oscar, which gives guest checkout functionality. I searched and came to the conclusion that it can be done through sessions, and got to know that when a user logs in to the system a row is created in the django_session table. So I will have to create a manual entry in django_session for my guest checkout. Can anyone please throw some light on how to do it and which way is best?
The easiest way would be to set request.session['user'] to some default value (e.g. guest) by default. You can do
    try:
        request.session['user']
    except KeyError:
        request.session['user'] = 'guest'
at the start of every view function (or functions that can be accessed directly by typing some URL). That's what I've always done and it works miracles ;). What it actually does is check whether a user is logged in (request.session has the key user) or not (request.session does not have the key user). When the user logs in, set request.session['user'] to his username.
You don't want to touch the django_session table yourself.
Instead, please read
a tutorial about the session framework, or
the more in-depth documentation
The gist of it is that you can store things in the session dict using
request.session['foo'] = True
and they will be transparently persisted using a cookie. You can retrieve them similarly.

How Do I Deal With Django Session Data for Storing Users ID?

This may sound too easy to understand but I am not sure I am having my head around it.
When a user is signing up in the first page of my app, I have request.session['user_id'] set which is used in page two of the sign up to complete registration. The user_id is the primary key to user in USER TABLE but I don't want to store user_id in session. I fear it might be tampered with and the WRONG row might get updated.
I would want something like a token that would be generated by my script but Django's SESSION TABLE only has three columns (session_key, session_data, expire_date) and it saves session details to it automatically.
My questions precisely are:
Can I tinker with the SESSION TABLE and add a session_token to it or I have to create my own table?
How do I get the session_token to automatically save like other columns in Django SESSION TABLE?
Or is request.session['user_id'] okay and safe?
Do all these also apply to COOKIES and why do I need to use cookies when SESSION_EXPIRE_AT_BROWSER_CLOSE is set to FALSE?
The session is stored in the database, not in the user's cookie. There is no way for the user to change that data. The only thing stored in the cookie is the hash of the session ID itself.

Basic django app - app design issue

To learn Django, I was making a very basic app which does the following:
Takes a user's login (checks id password in a database).
If user exists and password is right, give user option to either insert, delete or update.
If insert, user can insert an entry into a common table.
Similarly for delete or update.
I was cruising through this but I just got stuck.
My Login page is /index/.
Option for insert/delete/update is at /application/.
Now next, page is displayed according to insert/delete/update at /application/action/
Now the problem is that after completing one insertion, I want to return to /application to carry on my next operation.
But if I do that, I get this error
"Key 'userid' not found in <QueryDict: {}>"
So the view for /application/ is expecting the userid and password in request.POST.
How do I get around this without using external user login modules. I just want a very basic login system just to learn.
Django comes with user authentication built in. I don't think it is external as it is included in django.contrib.
If you use the built-in user authentication and User model, you will not have to pass the userid to each view. Django will automatically retrieve the logged-in user from the session and make it available as a property of the request object.
So using the built-in user and authentication, after logging in a user, you can access that user at
request.user

Passing parameter to load data from DB after login with Django Auth App

I am new user of Django.
I want to use the built-in Django Auth app for secure login. However, once a user logs in, based upon the username, I want to load its data on the first page (let's call it welcome or home page). If I write my own login, I get stuck with URLs. All my pages become http://127.0.0.0.1:8000/login/..... I don't know where this /login/ comes from (it's written in the settings file but who calls it I don't know), so after losing hope, I went for Auth login again.
I am sure there is a nice and easy way to retrieve the username, but where should I write this code? In the login view of the Auth app? Would that code then become part of my application?
Information about the user that's currently logged in is stored in the request.user object (request being the first parameter of every view function). request.user is an instance of the User class from django.contrib.auth. So, you can pass the user object to your templates and make all the information about the logged-in user available that way (user.username, user.email, etc).