Custom Login page in Django

79 views
Skip to first unread message

Aryak Sengupta

unread,
Mar 20, 2014, 10:06:48 AM3/20/14
to django...@googlegroups.com
I am new to Django (but not new to python) and I am looking forward to create a customized  page using django.  I have read about django's inbuilt authentication system but I want build it from scratch So here are the few ideas I am stumbling upon :

  1. Creating a users class in the models.py with username and password as the fields (both are CharField)

  2. Creating  two views one named LoginView, which will depict the initial login page (such as a form imported from a module named  forms.py) and another view named LoggedInView which will show only the username of the logged user

  3. Mapping them into corresponding URLs
I tried creating it with above mentioned thoughts but I got stuck with an error as follows:

Forbidden (403)

CSRF verification failed. Request aborted.

Help

Reason given for failure:

    CSRF cookie not set.

I couldn't figure out why possibly I am getting this error for incorporating such a simple(and basic) functionality.

I want to understand the best way/approach to go about this (for implementing this functionality). I am not worrying about the error for the time being since I didn't spend much time thinking about it (So I am not posting any code). I want to get my approach right first. I want to be flawless while implementing such basic and elementary stuffs.  

Robin Lery

unread,
Mar 20, 2014, 10:35:27 AM3/20/14
to django...@googlegroups.com
do you have {% csrf_token % } in your forms?


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/4f18d65c-8e85-434f-b584-0ab7017f6cf9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Aryak Sengupta

unread,
Mar 20, 2014, 10:43:15 AM3/20/14
to django...@googlegroups.com

Yes I do.... Where am I going wrong then?

To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2B4-nGq8taHb%2B9%2Bz3%3DxJq-Qitnuf0%3D127O9esk8LZygSQLeSZA%40mail.gmail.com.

François Schiettecatte

unread,
Mar 20, 2014, 10:46:41 AM3/20/14
to django...@googlegroups.com
You may be missing some middleware, eg:

'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',

'django.contrib.sessions',

Maybe your browser is rejecting cookies.

François
> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CALTbq1zEC9RPPKmVvTOYqXQ5AgVghzDWd0og2FoeKBJOMyfe1A%40mail.gmail.com.
signature.asc

Aryak Sengupta

unread,
Mar 20, 2014, 10:50:25 AM3/20/14
to django...@googlegroups.com

Can you please elaborate....

François Schiettecatte

unread,
Mar 20, 2014, 10:58:04 AM3/20/14
to django...@googlegroups.com
See https://docs.djangoproject.com/en/1.6/topics/http/sessions/
> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CALTbq1xzxJ8LmH6gkLSMcFZ5Ec0X-XW7q1N0v0YpnX_qoJVWtg%40mail.gmail.com.
signature.asc

Aryak Sengupta

unread,
Mar 20, 2014, 11:28:19 AM3/20/14
to django...@googlegroups.com

Alright... Thanks  a lot..... But do I really require using sessions for implementing this simple functionality ... Or is it just a bad design that I had been trying?

François Schiettecatte

unread,
Mar 20, 2014, 11:40:50 AM3/20/14
to django...@googlegroups.com
You need to have sessions if you want login so you can tie a browser to a user, and the CSRF is tied to the session cookie.

F.
> To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CALTbq1zj21GZn1p5FD-HAJfN6280Ka94DZP9WRhH_7Y7YtFxJw%40mail.gmail.com.
signature.asc

C. Kirby

unread,
Mar 20, 2014, 12:25:14 PM3/20/14
to django...@googlegroups.com
Are you building your own authentication system as a learning opportunity or to actually use in a production system? If it is for a production system then...don't. There is quite a bit of code in django Users to handle passwords and keep passwords safe and authentication secure.

If you want to expand on the User model or modify it then you should extend or substitute the existing User model (https://docs.djangoproject.com/en/1.6/topics/auth/customizing/#extending-the-existing-user-model)

That page also has information about hooking into different authentication backends if you want to use an existing source of users (for instance to use LDAP or the like)

Aryak Sengupta

unread,
Mar 20, 2014, 10:12:17 PM3/20/14
to django...@googlegroups.com
Yes I was trying to implement it for learning django properly. Alright , I got your point.


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/fa3d5877-2098-4cb0-a2ae-8f503f24d517%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages