I have a login form. When login button is pressed user's homepage is displayed. But pressing browser's back button takes control back to login form.
I am using django development server.
I have tried inserting meta tags to prevent cache and django #no-cache
But it doesnt work out
The default django login page can be viewed when logged in. You could decorate the login view function and redirect the user if already logged in.
response = <the_way_you_create_response> (ie direct_to_template, HttpResponse)
response['Cache-Control'] = 'no-cache, no-store'
return response
and of course you need to check request.user.is_authenticated() in the view (and do the redirect if value is True)
In your login page you need to check if a users session exists and if it does then you should redirect the user to his homepage.
However, this can't be done with a HTML page so you need to use some kinda server side scripting language(PHP, ASP, JSP Etc) for your login page.
Related
This question already has answers here:
How to pass a variable between Flask pages?
(2 answers)
Closed last year.
I am creating a web application in which there is a page (let's call it 'event' page) which is not login protected(i.e. users can see the page without logging in).
The page shows some event details to which user can select if they are attending or not by clicking appropriate button.
Upon clicking the button, user is redirected to login page since they need to login before they can choose an option.
Once the user is goes to login page, I want to redirect the user back to the 'event' page after they login. How do I do that?
If the 'event' page was login protected, I know I can use Flask 'next' to redirect user to the page they were trying to view which needs login. But how do I implement this for pages that are not login protected?
Surprisingly, I used the "session" object in Flask to solve the problem.
I was under the impression that "session" comes into play only after user has logged in, but apparently not.
When user clicked to register their response, before redirecting them to sigin page I stored the current url in the session storage like:
session['prev_url'] = request.url
Then on the signin page, after successful signin, I checked the 'prev_url' key in session, if it exists, I redirected to that page else I redirected to home page. Something like:
if session.get('prev_url') is not None:
return redirect(session.get('prev_url'))
return redirect(url_for('index'))
Although the question is simple I can't figure a way out to make this work.
I have many pages on a website and each page displays a button for the user to LOGOUT. If the user clicks on the button in some specific page the logout redirect should send them to the same page.
Since I'm using the LOGOUT_REDIRECT_URL = '/' in my setting.py the Logout buttons always redirects me to my home page.
Thanks in advance.
You can send a next_url attribute to the logout request which Django LogoutView uses to know to which page redirect after the logout. Something like:
Logout
I'm using Django-allauth , I can successfully redirect it to home page by adding this in settings.py:
LOGIN_REDIRECT_URL = '/home'
But is there anyway I can redirect it to pervious page?
What you're looking for should actually work out of the box by using the redirect field, which is next by default:
https://docs.djangoproject.com/en/3.1/topics/auth/default/#django.contrib.auth.mixins.AccessMixin.get_redirect_field_name
The view that is checking for the access permission and redirecting to the login form only needs to pass the URL the user was previously on. If that field is present, the user will be redirected to that particular page after logging in.
How are you restricting login? I assume you're not passing next? The #login_required decorator and the LoginRequiredMixin for class-based views both set next by default.
This is what the docs say about how LoginView handles POST requests:
If called via POST with user submitted credentials, it tries to log the user in. If login is successful, the view redirects to the URL specified in next. If next isn’t provided, it redirects to settings.LOGIN_REDIRECT_URL (which defaults to /accounts/profile/).
I am writing a web based application that has a same login form in every page,so when user submit login form data sent to '/login/' page that corresponde view to this url will check the data has submitted and if input data was incorrect app must back to previews view and on that view in login form i must write a error that indicate that user entered incorrect data,so my question is how can i send data from login view to previous view(like home) that user entered incorrect data?
You can use sessions ... specifically messages framework
example from docs:
messages.add_message(request, CRITICAL, 'A serious error occurred.')
and related question
Displaying Django Messages Framework Messages
In your login view, you use HttpResponseRedirect to send your user to your home view if the login is successful.
If the login is not successful, show the user the login form along with some error message that you can show the user if needed.
At the home view, you check if the user is logged in - if not, use HttpResponseRedirect to send them to the login view.
I'm using the django.contrib.auth.views.login and .logout views. Very handy, worked out of the box, would deploy again AAA+ etc.
The problem arises since I'm not using a separate login page, but rather I have a login box in every page (unless the user is logged in, of course). And so, when the username/password combination is wrong, I get an error.
Which of these three paths should I choose?
There is a secret way to redirect to next not only on success but also on error. If so, please tell me!
I write my own login view, putting to use Django's message system in the meanwhile
I write a login page (well, it's just missing a template) so I can exploit the full awesomeness of the Django auth system.
One of possible solutions (first + third choices in your list):
You have to provide special login page (that is define registration/login.html)
and for non loged in user each normal page has login form;
if user logins normally (this logic handled in django.contrib.auth.views.login):
for normal page: redirect user to the page from where she loged in;
for login page: if there is next param, redirect there, else redirect to main page;
if user fails to login: redirect (or redraw) login page with errors provided;
if user is loged in: normal page provides a link to logout (special page is still there in case if user want's to re-login or login through another account).
In normal pages, login form should have something like this <input type="hidden" name="next" value="{{ request.path }}" />.
In project settings:
# in settings.py
LOGIN_URL = '/login' # this should coinside with url pattern of login view
LOGOUT_URL = '/logout' # same but for logout view
LOGIN_REDIRECT_URL = '/' # url to main page
N.B.: I don't use django's buildin logout view instead I use my own: almost the same but does logout only for POST requests. This disallows users to logout by <img src='my_site/logout' /> malicious code.