Hi Angel,
Thanks for your reply. I just tested with decorator @login_required.
The problem still exists.
Following is script for my homepage.
# this is the homepage
@login_required
def my_view(request):
if request.session.test_cookie_worked():
#username = request.user.username
if request.user.is_authenticated():
username = request.session['username']
#username = request.user.username
return render_to_response('my_view.html',
{'username':username})
else:
return HttpResponse("Please enable cookies and try again.")
Neither request.session nor request.user can give a correct user's
name all the time. In my login(request) I have
if request.method == "POST" :
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
request.session['password'] = password
request.session['username'] = username
request.session.set_expiry(0)
login(request, user)
----------------------------
So, why can not session bind username to it? And why can not
request.user give the correct logined user? it seems to me that
sessions are interweaved when two users login at the same time. Or one
session over-writes the other? Checking session keys in session table,
I can see that each session key is unique.
Thanks again for your reply. I appreciate it. Do you have more ideas
where I missed?
On Aug 28, 12:35 pm, Angel Cruz <mrangelc...@gmail.com> wrote:
> How does your view.py look like?
>
> I use the decorator @login_required right before each def that I want to
> ensure is viewable only to the logged-in user.
>
>
>
> On Fri, Aug 28, 2009 at 12:00 PM, David <ww...@yahoo.com> wrote:
>
> > hello Django community,
>
> > I met this problem and can not find a solution. I wonder if any people
> > has met this problem before? Can anybody give a clue or hint how to
> > fix it?
>
> > For my project, I have enabled sessions and I use
> > contrib.auth.models.User. If one user logins into his/her account, all
> > is perfect. However, if another user logins (no matter if it is from
> > the same computer or from another computer), then the two users sees
> > each other's information in their own account.
>
> > I also found that
>
> > (1.) request.user.username gives another logined user's name instead
> > of this one (the correct one) even though I called
> > request.user.is_authenticated().
>
> > (2.) request.session['username'] does not give the username that I
> > assigned it earlier.
>
> > (3.) Old session is still there even though a user log-out correctly,
> > closes the browser (IE) and then opens another browser (Firefox).
>
> > I have put "SESSION_EXPIRE_AT_BROWSER_CLOSE = True" in settings
> > already. In my code I have request.session.set_expiry(0).
>
> > Checking my session table, I can see that the "expire date" for
> > sessions are in two weeks. Does this mean that
> > "SESSION_EXPIRE_AT_BROWSER_CLOSE = True" did not work?
>
> > Any suggestions?
>
> > Thanks so much.- Hide quoted text -
>
> - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
