
I have a Django project where I have 2 different login pages.

  1. is in the landing page. ex: https://website.com/
  2. is the Django admin login. ex: https://website.com/admin/

For both logins, I am using the same Postgres user table.

The requirement is: when I log in from the landing login page, if the user has access to admin, he should be able to log in to both the landing page and the admin page, and vice versa. When I log out from any of the 2 logins, it should log out from both logins if the logged-in user is the same for both.

My login and logout code from the landing page:

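```python
from django.contrib import auth
from django.contrib.auth import update_session_auth_hash
from rest_framework import status
from rest_framework.authentication import TokenAuthentication
from rest_framework.authtoken.models import Token
from rest_framework.decorators import api_view, authentication_classes, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

# STATUS, MESSAGE_SUCCESS and MESSAGE_ERROR are project constants not shown in the post.


@api_view(['POST'])
def login(request):
    if request.method == 'POST' and request.data:
        data = request.data
        username = data['username']
        password = data['password']
        user = auth.authenticate(username=username, password=password)
        if (user is not None) and (user.is_active):
            # Creates the Django session (sessionid cookie) for this request ...
            auth.login(request, user)
            # ... and separately hands the client a DRF token.
            token, created = Token.objects.get_or_create(user=user)
            return Response({"username": str(user), "token": token.key, "status": STATUS['SUCCESS'], "message": MESSAGE_SUCCESS['LOGIN']}, status=status.HTTP_200_OK)
    # Returned for bad credentials and for an empty body, so the view always responds.
    return Response({"status": STATUS['ERROR'], "message": MESSAGE_ERROR['LOGIN']}, status=status.HTTP_200_OK)


@api_view(['POST'])
@authentication_classes((TokenAuthentication,))
@permission_classes((IsAuthenticated,))
def logout(request):
    try:
        if request.method == 'POST' and request.data:
            data = request.data
            username = data['username']
            password = data['password']
            user = auth.authenticate(username=username, password=password)
            # Flushes the session; the DRF token row is left untouched.
            auth.logout(request)
            update_session_auth_hash(request, user)
        return Response({"status": STATUS['SUCCESS'], "message": MESSAGE_SUCCESS['LOGOUT']}, status=status.HTTP_200_OK)
    except Exception:
        return Response({"status": STATUS['ERROR'], "message": MESSAGE_ERROR['LOGOUT']}, status=status.HTTP_200_OK)
```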

Currently I am able to achieve only one side of this. That is, when I log in from the landing page, if he is an admin it will log in automatically to the admin login; similarly for the logout.

I am not able to log in or log out from the landing page login when I log in/log out from the admin login.

Prajna
  • Login and logout process works with cookies stored on the client side (e.g. web browser). When you work on the same domain like in this example, your cookies will always be "synced" on every action you will make. I mean that when you login on landing, the admin page will automatically try to use session_id cookie stored in your browser. When you logout, session_id will be deleted and reset. – mon io Oct 26 '21 at 19:33
  • @monio Yeah, but when I login/logout from admin, the landing page is not logging in/logging out. How do I make that happen? – Prajna Oct 27 '21 at 04:56
  • How do you authorize on landing? Are you using some custom "token" cookie/localStorage or session_id cookie? – mon io Oct 27 '21 at 09:35
  • @monio I am using token authorization – Prajna Oct 27 '21 at 10:14
  • Oh so that's it. The fastest solution is to use session_id cookie instead of "token" header (client side). Another solution is to delete token on user logout - you can use login/logout signal like in [this example](https://stackoverflow.com/questions/1990502/django-signal-when-user-logs-in) – mon io Oct 27 '21 at 10:37
  • @monio You mean if I implement my landing page login authentication the same as Django admin authentication, it will work? – Prajna Oct 28 '21 at 14:53
  • Your implementation is good - just use session_id cookie instead of token header in your frontend. How do you make requests on front (js fetch, axios)? – mon io Oct 28 '21 at 15:50
