0

I am looking for the session key that should be the same from the time when the user logs in until he logs out. I am communicating with another api that requires such key. I tried using csrf token but this one is different per request. Also, I have tried using session storage and again it is different one. I see that in the django_sessions there is a session_key that is created during the login, but I dont know how to assosiate it with a user, it has only session_key, session_data and the expire date.

def user_login(request):
    if request.method == 'POST':
        response = None
        form = LoginForm()
        username = request.POST.get("username")
        password = request.POST.get("password")
        cookie = request.COOKIES['csrftoken']
        user = authenticate(username=username, password=password)
        # logger.info(f"Session key [Login] --> {request.session}")
        # logger.info(f"Session key [Login] --> {request.session.session_key}")
        # request.session.create()
        # logger.info(f"Session key [Login] --> {request.session.session_key}")
        if user is not None:
            logger.info(f"Cookie [Login] --> {cookie}")
            response = loginApi(
                username, password, 'demo', cookie)
            if response["status"] == 200:
                login(request, user)
                logger.info("User logged in")
                return redirect('home')
            else:
                logger.info(f"Request Response [Log in] --> {response}")
        else:
            logger.error(f"User failed [Log in] --> {response.text}")
    else:
        form = LoginForm()

    return render(request, 'users/login.html', {'form': form})
kakakakakakakk
  • 467
  • 10
  • 31
  • What API are you using and why do you need to provide session key during a session? –  Jun 17 '21 at 07:57
  • i need to provide a session key because without it i have to login each time i send requests to it. A simple api – kakakakakakakk Jun 17 '21 at 08:00
  • Are you talking about Django login system or something else? –  Jun 17 '21 at 08:03
  • i am logging to a different api, for it I need to provide a cookie each time i do a request. The question is - does django store such cookie/key throughout the session so i can use it for this external api? – kakakakakakakk Jun 17 '21 at 08:04

1 Answers1

3

request.session is a SessionStore object with a unique session_key.

The session_key is created as soon as the attribute is accessed. But the session object itself is only saved to the database after the view has been processed (in the process_response method of the session middleware) by calling the save method of the SessionStore object.

It's not really documented, but looking at the source code I guess you are supposed to create a new session object like this:

if not request.session.exists(request.session.session_key):
    request.session.create()

https://stackoverflow.com/a/5131421/9304280