Hi, If you type your password wrong, user will be None, and your code will then redirect to the "register" page.
If you press "back" after a successful login, the CSRF token will be out of date and the form won't work. Are you caching any pages? Collin On Friday, November 28, 2014 12:55:35 AM UTC-5, Rootz wrote: > > I have a django app but I having problems with my login views and logout > views. I do not have a html template designated to handle user login/logout > view. > Django project is configured as follows: > > INSTALLED_APPS > <https://docs.djangoproject.com/en/1.7/ref/settings/#std:setting-INSTALLED_APPS> > setting: > > 1. 'django.contrib.auth' contains the core of the authentication > framework, and its default models. > 2. 'django.contrib.contenttypes' is the Django *content type system* > <https://docs.djangoproject.com/en/1.7/ref/contrib/contenttypes/>, > which allows permissions to be associated with models you create. > 3. 'django.contrib.sessions', > > MIDDLEWARE_CLASSES > <https://docs.djangoproject.com/en/1.7/ref/settings/#std:setting-MIDDLEWARE_CLASSES> > setting: > > 1. SessionMiddleware > > <https://docs.djangoproject.com/en/1.7/ref/middleware/#django.contrib.sessions.middleware.SessionMiddleware> > manages *sessions* > <https://docs.djangoproject.com/en/1.7/topics/http/sessions/> across > requests. > 2. AuthenticationMiddleware > > <https://docs.djangoproject.com/en/1.7/ref/middleware/#django.contrib.auth.middleware.AuthenticationMiddleware> > associates > users with requests using sessions. > 3. csrf.CsrfViewMiddleware > > > Using Django Template Language and Template inheritance. The login form is > on the base template on other templates extends from this base template. > > All my login attempts result in some of the views rendering the user info > (username to welcome user back) while other views rendering the page as if > the user is an anonymous user. If I try to login in again I get an error > page stating that there is a missing csrf token or incorrect. Adding to > this I have identified many instances where I have tried to logout and it > does not seem to log me out because it is still showing the last user login > info. For my base template I have hard coded the form (meaning not using > Django Form class). > > Can You identify the possible fault in how i am implementing the login and > logout views? > > > Here is a copy of my login and logout views > > def members_login(request): > > if request.method == 'POST': > password = request.POST['password'] > username = request.POST['username'] > user = authenticate(username=username,password=password) > > if user is not None: > if user.is_active: > login(request,user) > return redirect('members:index') > else: > #inactive users required to re-register > return redirect('members:index') > else: > #no account required to register to create one > return redirect('members:register') > > else: > #test if login is a regular get request then redirect > return HttpResponseRedirect(reverse('members:index')) > > > def members_logout(request): > logout(request) > return redirect('members:index') > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/c106f934-66a0-4f60-b1b4-05095b9adf73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.

