<http://stackoverflow.com/questions/20550170/redirect-to-previous-user-last-page-after-new-user-login#>
I am currently developing a Django website and I am using
django.contrib.auth and django-security-session for closing user sessions
automatically.
In case a user leaves its session open and a new user arrives at the same
navigator after that session expired, if the new user attempts to use that
same session, the session will be automatically closed. However, if now
this new user logs in again, he is redirected to the last page where the
previous user was.
I have taken a look at the code from django-security-session and I found
the following at middleware.py "process_request":
from django.contrib.auth import logout ... def process_request(self,
request):
...
delta = now - get_last_activity(request.session)
if delta.seconds >= EXPIRE_AFTER:
logout(request)
...
So it seems that django-security-session relies on django.contrib.auth for
closing the session. This logout flushes the current session and removes
user id's from the request. However, the current page for the user that has
just being logged out is still preserved for redirection after the
following login. This login, in my case, is performed by the decorator
@login_required, which relies on method
"django.contrib.auth.views.redirect_to_login":
def redirect_to_login(next, login_url=None, \
redirect_field_name=REDIRECT_FIELD_NAME):
...
resolved_url = resolve_url(login_url or settings.LOGIN_URL)
login_url_parts = list(urlparse(resolved_url))
if redirect_field_name:
querystring = QueryDict(login_url_parts[4], mutable=True)
*querystring**[redirect_field_name] =** next*
login_url_parts[4] = querystring.urlencode(safe='/')
return HttpResponseRedirect(urlunparse(login_url_parts))
... where the page for redirection is generated utilizing the url from the
last user that is already logged out and that might not be the same as the
one that is logging in right now.
Before starting patching and freaking out around the code, is there
anything I am missing? Is there anyway in which I can instruct
django.contrib.auth not to do this and, in case a different user logs in,
just redirect the new user to its home page?
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/9f7abd93-bd10-4ce1-8dc6-eedf9943b1ab%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
