local copy of this webpage is out of date - django

My Web pages causes following error on the browser's Back Button,
It works fine for firefox but not on IE,
IE Says,
Most likely cause:
•The local copy of this webpage is out of date, and the website requires that you download it again.
What you can try:
Click on the Refresh button on the toolbar to reload the page. After refreshing, you might need to navigate to the specific webpage again, or re-enter information.
what should be the cause ?
I'm using Django + mod_python + apache as production environment.
how can I eliminate this error or how to trace any help would be appreciated.

Using GET instead of POST isn't always possible, e.g. when the amount of data exceed the maximum URL length. So, if you want to use POST i would suggest, that you response with a redirect after each POST. Something like that (pseudocode):
def view(request):
form = Form(request.form)
if request.method == 'POST' and form.validates():
# process form data, e.g.
m = Model(form.data)
m.save()
# response with a redirect (e.g. to the newly inserted data, or
# back to the initial page)
return redirect(m.get_absolute_url())
return render_template('template.html', form=form)
The advantage of this is that the user won't get those annoying warnings about resending any POST data you described and that multiple submissions of the same data are less likely to occur (which means for example fewer double postings).

You're not wrong in your suggestion. It's because you've used a POST on that page. If you want people to go back to the page, put a link on the page to take them back to where they want to go, but make sure that they can still view the page properly without having to POST data to it.

Related

django catching http-referer not working always

if 'HTTP_REFERER' in request.META and 'mysite.com' not in request.META['HTTP_REFERER'] or 'HTTP_REFERER' not in request.META:
return redirect('/')
if HTTP_REFERER is there and if it doesnot contain mysite.com or if HTTP_REFERER not given, it should redirect to startpage.
my code is deployed over 7 servers, scheduled via loadbalancer, the code in all those 7 servers are uptodate. but still, only sometimes, this redirect is not working.
what may I be doing wrong?
the case, where it is not working:
one newssite published a news about my page and pasted a deep link from my page. and I clicked on that link, and it didnot redirect. I got surprised and checked my code, everything was ok, and clicked again on the link and bingo, this time it did redirect me to startpage. I was happy, I thought it may be a caching or smthg. but later, I clicked on the link and the redirect didnot work again. then posted this question. the case is independent of browser type and version.
Firstly, this code could be shortened too:
if 'mysite.com' not in request.META.get('HTTP_REFERER', ''):
return redirect('/')
Secondly, HTTP_REFERER is not guaranteed to be present. It might just be users are using bookmarks, or browser autocomplete which will mean the HTTP_REFERER may or may not be present in the cases you are testing.
If a valid user of the site who uses a bookmark will be redirected. Likewise an invalid user who gets referred from somedomain.com/mysite.com will be redirected. In this case it might be better to use a startwith() when checking the referer. Is there not a better way you can manage what you are trying to do.
Maybe you can update the question with a little more context. I will be willing to help you as best as I can.

Single-page login in Django app

I'm currently using out-of-the-box django.contrib.auth to handle authentication in my Django app. This means that the user starts at a log in page and is redirected to the app on successful login. I would like to make my app single-page, including this login process, where a redirect doesn't happen, but maybe a "hot" template switch-out or some fancy client-side div magic (that still remains secure). My Google searching turned up pretty short, the closest solution dealing with putting a log in form on every page.
Any direction or ideas here would be much appreciated. I would obviously prefer to work within the existing confines of django.contrib.auth if possible, but I'm open to all solutions.
I'm not sure I understand your question completely. I think you want to have a single page. If so, put logic in your template that checks to see if the user is authenticated. If not, display a login form that POSTS to the appropriate django.contrib.auth view. You can supply an argument to this view to have it redirect back to your page. When you come back, the user will be authenticated, so you won't display the login form.
Have a look at Django-Easy-Pjax https://pypi.python.org/pypi/django-easy-pjax - it works like a charm and is well documented. Everything you like is being made with AJAX requests: links, forms using GET and forms using POST.
Essentially you only need to add a data-pjax="#id_of_the_container_where_the_result_goes" attribute in your a and form tags.
And the great thing about it: It updates the title and location bar of your browser.
One caveat: If you want to upload files in some form, this is not supported by Easy-Pjax, so you might want to use some workaround jQuery library for that.

Bypass SESSION_SAVE_ON_EVERY_REQUEST for AJAX call, or better solution

I have a private site that requires login for all pages. When a user goes to edit a record, I don't want to lock the record. I want to keep the record available for others. I devised a system using AJAX calls to django using dajax/dajaxice to get the most recent person and datetime of editing for the record. If the most recent edit was not made by the current user, an alert box notifies the user that another person has made an edit since they've opened the record and they should refresh the page to get the most recent version of the data.
This is all well and good, and works perfectly for our situation. I have a session timing out which, when timed out will send the user to a login prompt. In case the user leaves the page open and leaves the computer, we want the sensitive data protected. This is also working perfectly.
My problem is that when the AJAX call is made to check the version of the data, to see if it is changed, it also saves the session, so the session will never time out no matter how long they are at the page unattended.
Is there a way in a view to bypass the SESSION_SAVE_ON_EVERY_REQUEST, so that only this request does not trigger a save. I know I can manually save the session in every OTHER view, but that seems like the wrong thing to do. I suppose I may be able to write middleware that checks the view requested and only saves the session if it is not this view, but I'm not sure that's the best solution either.
Any suggestions?
Thanks in advance.
I am pretty certain this will work. I added CustomeMiddleWare to settings.py MIDDLEWARE_CLASSES. Also, turned off session saving on every request in settings.py.
class CustomMiddleware(object):
def process_view(self, request, view_func, view_args, view_kwargs):
if view_func.__module__ != "exclude.module" and view_func.__name__ != "excludeMethod":
request.session.save()
Now the problem is that using Dajaxice, the module and name come over as dajaxice_request. Now I don't know how to get the actual method requested. Tried a bunch of things, but haven't been able to. Don't want to hack the DajaxiceRequest code, but may have to.
SOLUTION:
Switched to jQuery ajax for this one method. Created a new urls.py entry to make the single call to get the version of the record. This makes the view_func in process_view available, so I can only save the session on views called other than this one. Woo Hoo! I am still using Dajaxice for all other AJAX methodology.

Download a generated file and redirect in Django

I have a form with which users submit data to my application, and the response to submitting the form is a download with data depending on what they submitted. Since the submission affects the data in the database I want to redirect from this page to prevent the submission accidentally being made twice.
The only solution I've come across is to save the file on the server and redirect to a page which causes the file to download. However I don't really want to be keeping these files or having to manage them on the server.
Is there a way to download the file and then cause the page to redirect?
Consider also the case when the user's internet connection happens to break during the download. Should the user have a possibility to request the same download again in this case? Then you need to store either the generated file or all data needed to regenerate it anyway.
presumably there are two parts to your code, one adding their data to your db, and a second generating their download. could you just do the first part on form submit, and then redirect them (perhaps including some get parameters) to a second page which reads the db and generates their download?

pyfacebook #facebook.require_login() decorator causing constant auth_token refresh

First time using pyFacebook. I've literally copied the example application and put it up onto my server. I've created an FB app and now when I try to load the app basically what happens is that the browser keeps refreshing. I noticed in the url (for example)
https://apps.facebook.com/myapp/?auth_token=8f826cae31717068c18fb16fd7f0a758
Keeps refreshing with the auth_token changing. If I remove the #facebook.require_login() decorator then the page displays without a problem.
Help please.
I've just noticed that it only does this when I select IFrame and not FBML within my app settings. I have fbml templates which don't work. I know have normal html templates which work on the website but when I select IFrame I get that constant loop (changing url with blank white screen)
Ok so after weeks of pain the problem I was having was that Facebook updated it's entire API. This broke python based apps that were based on that. Like PyFacebook.
I now use fandjango and this it's new, has a great developer and nice documentation.
The problem is most probably somewhere in facebook/init.py, around line 1742
if not params:
if request.method == 'POST':
params = self.validate_signature(request.POST)
if not params: #was else
iframe makes POST call, but auth_token is GET variable.. though if validate_signature fails (params still None) go to GET validation. Also I commented out the return in auth_token checks as suggested in pyfacebook issue tracker.