> I am sending POST data to a view But this view has login_required > decorator enabled, So if i m user is not logged in, he goes to > /accounts/login page and when user login, al the POST data is lost. Is there > any way to maintain the actual POST data sent for view.
There was a long discussion[1] on this fairly recently. The verdict is that it can be hacked, but it introduces a CSRF exploit. The way around it (as I understand it) is to have it not carry over the actual submission, but rather just carry over the data to pre-populate the form. The user (now logged in) can confirm that this data really is what they entered (rather than nefarious data), and re-submit the form as a now-logged-in user. -tim [1] http://groups.google.com/group/django-users/browse_thread/thread/15faa2c0a57c1adf/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
