0

I am new to Python and Django. I am trying to set up secure user authentication using the Django framework. I created a login.html page in [templates/user]. If login succeeds, the user is led to user/ContactSuccess.html.

ContactSuccess.html :

<html>

---------{{request.user.username }}------------

{% if request.user.is_authenticated %}
  <p>Welcome, {{ user.username}}. Thanks for logging in.</p>
{% else %}
  <p>Welcome, new user. Please log in.</p>

{% endif %}
<body>success</body>
</html>

views.py

............

def testlogsuccess(request):
    if not request.user.is_authenticated():
        return HttpResponseRedirect("/accounts/login/")
    else:
        # 'user' is bound to a boolean here and passed to the template via locals()
        user = request.user.is_authenticated()
        return render_to_response('user/ContactSuccess.html', locals())

..............

urls.py:


urlpatterns = patterns('',
    (r'^admin/', include(admin.site.urls)),
    (r'^accounts/login/$', login),
    (r'^accounts/logout/$', logout),
    (r'^accounts/profile/$', views.testlogsuccess),
)


Well, it works fine.

The output is:

---------Ji------------

Welcome, . Thanks for logging in.
success .


But my problem is that when I stop my development server, start it again, and then try the URL 'http://127.0.0.1:8000/accounts/profile/' without logging in, it still shows the above output. How can I avoid this?

I am using Django 1.3, Python 2.7.2 and Windows 7.

MattH
Jisson
  • Could you indent the code properly? About the question - I suggest reading carefully through http://www.djangobook.com/en/2.0/chapter14/. By default Django sessions are saved to the db, so restarting the server wouldn't log out logged-in users... – Pill Sep 02 '11 at 08:27
  • It is indented properly. It worked fine in normal cases – Jisson Sep 02 '11 at 08:29
  • Actually, what I need is: suppose I log in successfully, and if I copy-paste the URL in a new tab, then it shows you are not authenticated... – Jisson Sep 02 '11 at 08:31
  • That means I have to use sessions also with user authentication... isn't it? – Jisson Sep 02 '11 at 08:34

1 Answer

2

The problem is that the values which determine whether a user has been authenticated are determined by the browser -- HTTP authentication keeps the username and password stored and then more or less prepends it to every request. In order to stop the login from working, you need to tell the browser to stop.

There is a good deal of pertinent information on that topic here.

Since this is a testing environment, however, and since authentication headers are something which are more or less reset every time you restart the browser, I recommend simply closing the browser and opening it up again... it would be easiest.

Community
cwallenpoole
  • 'un/pw'? Please avoid abbreviations like that. What does it mean? Does that mean "the authentication cookie stored in the browser?" If so, please use a phrase instead of a cryptic abbreviation. – S.Lott Sep 02 '11 at 10:03
  • My Django uses a cookie. How does yours use the username/password in every request? Are you talking about HTTP BASIC authentication? That doesn't seem to be relevant, since this is using a form. Can you clarify what you're talking about? – S.Lott Sep 02 '11 at 10:17
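
The behaviour discussed in this thread, as an added example that is not part of the original posts: a simplified Python 3 model (not Django's own code) of a database-backed session store keyed by a browser cookie, showing why a server restart leaves the user logged in and why deleting the session row on logout ends the login. The `Server` class, the table layout and the `demo` function are assumptions made for illustration.

```python
import os
import secrets
import sqlite3
import tempfile

# Simplified model (an assumption, not Django's code) of a database-backed
# session store: the browser holds only a random session key in a cookie,
# and the server looks that key up in a table on every request.


class Server:
    """One run of the development server; it keeps no login state in memory."""

    def __init__(self, db_path):
        self.db = sqlite3.connect(db_path)
        self.db.execute("CREATE TABLE IF NOT EXISTS session "
                        "(session_key TEXT PRIMARY KEY, username TEXT)")

    def login(self, username):
        key = secrets.token_hex(16)  # value sent back to the browser as the cookie
        self.db.execute("INSERT INTO session VALUES (?, ?)", (key, username))
        self.db.commit()
        return key

    def profile(self, cookie):
        row = self.db.execute("SELECT username FROM session WHERE session_key = ?",
                              (cookie,)).fetchone()
        return "Welcome, %s" % row[0] if row else "redirect to /accounts/login/"

    def logout(self, cookie):
        # Server-side invalidation: the cookie value becomes worthless.
        self.db.execute("DELETE FROM session WHERE session_key = ?", (cookie,))
        self.db.commit()

    def stop(self):
        self.db.close()


def demo():
    path = os.path.join(tempfile.mkdtemp(), "sessions.db")
    first = Server(path)
    cookie = first.login("Ji")              # constructed sample user
    first.stop()                            # stop the server
    second = Server(path)                   # start it again
    after_restart = second.profile(cookie)  # same cookie: still logged in
    second.logout(cookie)
    after_logout = second.profile(cookie)   # row is gone: login required
    no_cookie = second.profile(None)        # fresh browser with no cookie
    second.stop()
    return after_restart, after_logout, no_cookie
```

In Django itself, `django.contrib.auth.logout(request)` flushes the session on the server, and the `SESSION_EXPIRE_AT_BROWSER_CLOSE` setting makes the session cookie last only until the browser is closed.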