I'm building a site with a username/password login form on every page.
(You know, up in the top right corner, and the form gets replaced with
"Welcome username, options, logout" links when logged in.)  Pretty
straightforward, except for an issue with test cookies.

When using this embedded form, instead of logging right in, the user
gets bounced to the regular login page, with a "username/password
didn't match" message.  However, hitting the login button there works
fine, even without reentering any info.  Confusing and annoying.

So, based on my reading of the contrib.auth code, here's how auth login
is supposed to work:

1. User requests the login form URL, which triggers the view
django.contrib.auth.views.login
2. Since there are no REQUEST variables, this view calls
set_test_cookie() and renders the blank form
3. User fills in the form with username and password, and submits it
back to django.contrib.auth.views.login
4. Since there are now REQUEST variables, it runs the
AuthenticationForm manipulator, which checks two things:
 a) that username/password match and denote an active user
 b) that cookies are turned on, via test_cookie_worked()
5. If _both_ of these tests are passed, then the user is logged in and
the test cookie is deleted.  If either test fails, it redirects to the
login form, which again sets the test cookie and asks for
username/password

So, the problem with my login form on every page is that it doesn't
work if the user hasn't visited the regular login URL, because the test
cookie won't have been set.  It seems like the easy way to resolve this
is to set the test cookie on every page.  (Or at least every page where
not is_authenticated.)

What's the best way to do that?  I would guess a middleware, but is
there a better way to call set_test_cookie for every request?

Alternatively, a cleaner but more involved way to handle this case
would be to patch the auth.login process to do a double redirect after
checking the username/password.  That way, anonymous users wouldn't get
cookies set unnecessarily, and one could log in from a saved page even
after clearing cookies.

Anyone else confronted this problem?  I've found several docs, posts
and messages talking about login forms on every site, but none that
point to test cookies as a problem...

Thanks!

   -cashman
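
The middleware idea raised in the message, as an added sketch that is not code from the original post or from Django: `FakeSession` and `FakeRequest` are constructed stand-ins, `AnonTestCookieMiddleware` is a hypothetical name, and only the three session method names come from Django. It goes one step beyond the post by setting the cookie on GET requests only, so the cookie check keeps its meaning.

```python
class FakeSession(dict):
    """Constructed stand-in exposing Django's three session test-cookie methods."""
    def set_test_cookie(self): self["testcookie"] = "worked"
    def test_cookie_worked(self): return self.get("testcookie") == "worked"
    def delete_test_cookie(self): del self["testcookie"]

class FakeRequest:
    """Constructed stand-in for a request from an anonymous visitor."""
    def __init__(self, session, method="GET"):
        self.session, self.method = session, method
        self.user = type("Anon", (), {"is_authenticated": False})()

class AnonTestCookieMiddleware:
    """Hypothetical old-style middleware; list it after the session and auth middleware."""
    def process_request(self, request):
        authed = request.user.is_authenticated
        if callable(authed):          # older Django exposes this as a method
            authed = authed()
        # GET only: setting it on the POST being checked would make
        # test_cookie_worked() pass even for a browser that rejects cookies.
        if request.method == "GET" and not authed:
            request.session.set_test_cookie()

def login_view(request, credentials_ok=True):
    """Model of steps 4-5 above: both checks must pass, else the form is shown again."""
    if credentials_ok and request.session.test_cookie_worked():
        request.session.delete_test_cookie()
        return "logged in"
    request.session.set_test_cookie()
    return "bounced to login page"

def embedded_login(use_middleware, cookies_enabled=True, posts=1):
    """Visit an ordinary page, then submit the embedded form `posts` times."""
    jar = FakeSession()               # one session while the browser keeps its cookie
    def request(method):
        req = FakeRequest(jar if cookies_enabled else FakeSession(), method)
        if use_middleware:
            AnonTestCookieMiddleware().process_request(req)
        return req
    request("GET")                    # any page carrying the embedded form
    return [login_view(request("POST")) for _ in range(posts)]
```

Setting the test cookie for every anonymous visitor also means every anonymous visitor gets a session, which is the cost the message notes for this approach.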

