logins.txt
+--
Django - book database with users, logins, redirects
The machinery is provided in django.contrib.auth, but is unobvious
https://docs.djangoproject.com/en/1.3/topics/auth/
http://www.djangobook.com/en/2.0/chapter14/
Starting from a simple app without users or authorization
(for example, starting from booksite.py, how to make bookshop.py):
1. In settings.py INSTALLED_APPS uncomment auth, sessions,
contenttypes, then: python manage.py syncdb
2. Authorize users in the database auth_user table, for example:
from django.contrib.auth.models import User
user = User.objects.create_user('jon', 'jon@uw.edu', 'mypasswd')
3. In your top-level urls.py add these three lines at the appropriate
locations:
from django.contrib.auth.views import login, logout
...
url(r'^accounts/login/$', login),
url(r'^accounts/logout/$', logout),
...
4. In views.py, decorate pertinent views with @login_required. This
will redirect to the login page when needed. You do NOT have to
add any other code in views.py to support login/logout; that is already
provided by django.contrib.auth.views.login and logout, referenced in
urls.py.
5. In your templates directory, add a registration/ directory
containing the forms login.html and logged_out.html. You can
copy a sample login.html from the references linked above.
Your login.html must include {% csrf_token %} for security.
6. In your templates, add Logout links where appropriate:
Logout
7. Add a Login link to /accounts/login where appropriate. It is not
needed on pages whose views are decorated with @login_required,
but it is often helpful to put a Login link on the
logged_out.html page. The Login link should include a
?next=... query string to indicate the page to show after a
successful login. The bookshop sample uses this Login link:
Login
+---
HTTP Redirects - in general
Browser sends HTTP GET request with URL1
Server replies HTTP response code 302, with header Location: URL2
Browser sends HTTP GET request with URL2
Can program redirects in web applications for control and navigation
+--
HTTP Redirects - control and navigation in bookshop
@login_required on some views redirects to login page
then successful login redirects back to view originally requested
...
> [12/Mar/2012 16:00:02] "GET /books/ HTTP/1.1" 302 0
[12/Mar/2012 16:00:03] "GET /accounts/login/?next=/books/ HTTP/1.1" 200 564
> [12/Mar/2012 16:00:19] "POST /accounts/login/?next=/books/ HTTP/1.1" 302 0
[12/Mar/2012 16:00:19] "GET /books/ HTTP/1.1" 200 868
[12/Mar/2012 16:00:52] "GET /books/detail/978-1904811848 HTTP/1.1" 200 688
[12/Mar/2012 16:00:59] "GET /books/ HTTP/1.1" 200 868
[12/Mar/2012 16:01:05] "GET /accounts/logout/ HTTP/1.1" 200 205
Looks convoluted to this old-school programmer
Web programming involves intricate division of labor between
your code, framework, server, browser
- must understand HTTP protocol (what's a redirect?)
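Added example (not part of the original notes and not Django's own code): a check on the next value from step 7 and the log above, so that a login link can only send the browser back to a path on the same site. It goes beyond the notes by covering next values that point off-site; the function names and DEFAULT_TARGET are assumptions, and it is written for Python 3.

```python
from urllib.parse import parse_qs, urlsplit

DEFAULT_TARGET = "/"  # assumed fallback page, not taken from the notes


def is_local_path(target):
    """True only for a same-site absolute path such as /books/."""
    if not target.startswith("/"):
        return False  # empty, relative, or scheme://host/... values
    if target.startswith("//") or "\\" in target:
        return False  # browsers read //host and /\host as another host
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False  # whitespace and control characters get reinterpreted
    parts = urlsplit(target)
    return parts.scheme == "" and parts.netloc == ""


def redirect_after_login(login_url):
    """Where a successful POST to login_url should send the browser."""
    query = parse_qs(urlsplit(login_url).query)
    target = query.get("next", [""])[0]
    return target if is_local_path(target) else DEFAULT_TARGET


# First URL is from the log above; the rest are constructed test values.
SAMPLES = [
    "/accounts/login/?next=/books/",
    "/accounts/login/?next=/books/detail/978-1904811848",
    "/accounts/login/",
    "/accounts/login/?next=http://example.org/",
    "/accounts/login/?next=//example.org/books/",
    "/accounts/login/?next=/%5Cexample.org/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print("%-52s -> %s" % (url, redirect_after_login(url)))
```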