0

I have a login webpage which authenticates the user correctly. When login page accepts user info and sends them to a default logged in page, django correctly gets user info and populates the page accordingly.

Also, when sent to login page from another django's webpage, or when logged in as a user, django will automatically redirect to a default page correctly.

However, after I just logged in as a standard user, entering login page by entering 127.0.0.1:8000/login/ in browser's addressbar or when linked to this page, request.user.is_authenticated() will always return False.

Why is this happening? How come this isn't happening when logged in as superuser?

EDIT:

Here's the code in views.py:

if request.user.is_authenticated():
    #redirect to logged in page
if request.method == "POST":
    email = request.POST.get("email_input")
    password = request.POST.get("password_input")

    users = UserProfile.objects.all()  # FIXME: Inefficient GET request

    for user in users:
        if user.user.email == email and check_password(password, user.user.password):
            login(request, authenticate(username=email, password=password))
            #go to logged in page

    return render(request, "login/login.html", {"error_message": "Invalid email/password combination. Please retry",
                                                "email": email})
return render(request, "login/login.html")
Mirac7
  • 1,566
  • 4
  • 26
  • 44
  • show us the view code, normally ``is_authenticated()`` gives True if _you_ are logged in – doniyor Nov 28 '14 at 19:11
  • It is too hard to speculate. But if I were to wildly guess, you are only authenticating the user, and not actually logging them in. – karthikr Nov 28 '14 at 19:22

1 Answers1

0

That's a funny implementation. I would suggest you use what's stated in the documentation instead:

from django.contrib.auth import authenticate, login

def my_view(request):
    username = request.POST['username']
    password = request.POST['password']
    user = authenticate(username=username, password=password)
    if user is not None:
        if user.is_active:
            login(request, user)
            # Redirect to a success page.
        else:
            # Return a 'disabled account' error message
    else:
        # Return an 'invalid login' error message.
dan-klasson
  • 13,734
  • 14
  • 63
  • 101
  • I filtered out the code irrelevant for this problem in my snippet, but regardless of implementation, user is logged in for as long as each page is opened through django. When I refresh the page or reopen the browser, user is no longer logged in. – Mirac7 Nov 29 '14 at 07:57
  • Your implementation is wrong. You don't do any check whether the authentication was successful or not. I would guess that the user never is authenticated and that is why `is_authenticated()` always returns false. – dan-klasson Nov 29 '14 at 09:50