How to redirect if already logged in

192 views
Skip to first unread message

meppum

unread,
Apr 13, 2008, 10:27:52 PM4/13/08
to Django users
The behavior of the admin tool is to require a login, but if the user
is already logged in they are redirected to the index page. I looked
at both the template and the view for the root url of the admin tool
but didn't see how this is being down.

-meppum

Malcolm Tredinnick

unread,
Apr 13, 2008, 10:33:36 PM4/13/08
to django...@googlegroups.com

It's not being done that way. In fact, the opposite is happening. If you
try to access the admin site and you are NOT logged in, you are
redirected to the login page. This is done via the
staff_member_required() wrapper around the index() function in
django.contrib.admin.views.main.

That's the normal way authenticated access is implemented, too. Normal
URL accesses go the intended page, but first check for permission and,
if not permitted, redirect to the login section (or elsewhere). That
means that logged in people don't have the extra network round-trip of
the HTTP redirect call.

Regards,
Malcolm

--
The cost of feathers has risen; even down is up!
http://www.pointy-stick.com/blog/

meppum

unread,
Apr 13, 2008, 10:53:05 PM4/13/08
to Django users
Okay. So how would I have both an "access gate" that people would be
redirected to if they try to access a page that requires them to be
logged in first and a homepage that allows them to login, but
redirects them to the "access gate" if there is an error while logging
in (from the homepage)?

On Apr 13, 10:33 pm, Malcolm Tredinnick <malc...@pointy-stick.com>
wrote:

Malcolm Tredinnick

unread,
Apr 13, 2008, 11:00:12 PM4/13/08
to django...@googlegroups.com

On Sun, 2008-04-13 at 19:53 -0700, meppum wrote:
> Okay. So how would I have both an "access gate" that people would be
> redirected to if they try to access a page that requires them to be
> logged in first and a homepage that allows them to login, but
> redirects them to the "access gate" if there is an error while logging
> in (from the homepage)?

The homepage (with the login boxes) won't be access protected. So
anybody can view it. Then your login view would redirect to your access
gate if there was any problem with the login.

meppum

unread,
Apr 13, 2008, 11:04:25 PM4/13/08
to Django users
Thanks Malcolm! You're always a help.

On Apr 13, 11:00 pm, Malcolm Tredinnick <malc...@pointy-stick.com>
wrote:

meppum

unread,
Apr 14, 2008, 12:06:33 AM4/14/08
to Django users
Okay so after thinking about this further I'm still a little fuzzy on
the flow.

If I have three pages:
-homepage (no login required)
-login page (no login required)
-user profile (login required)

my instinct is to make my root url (www.foo.com) point to the homepage
and not the profile. but if i do this then security is not quite
opperating the way you suggest it should (and i agree with you on
that). If someone deeplinks to their profile they should be redirected
to the login page, if a login fails on the homepage they should be
redirected to the login page, but if a login is successfull they
should be redirected to their profile and that's the part I sort of
get confused about.

It seems the login button on the homepage should use the view from the
login page to keep everything DRY. is it as simple as adding ?
next=accounts/profile to the end of the action in the login button?

-meppum

On Apr 13, 11:00 pm, Malcolm Tredinnick <malc...@pointy-stick.com>
wrote:
Reply all
Reply to author
Forward
0 new messages