Question

I'm using the django.contrib.auth.views.login and .logout views. Very handy, worked out of the box, would deploy again AAA+ etc.

The problem arises since I'm not using a separate login page, but rather I have a login box in every page (unless the user is logged in, of course). And so, when the username/password combination is wrong, I get an error. Which of these three paths should I choose?

  • There is a secret way to redirect to next not only on success but also on error. If so, please tell me!
  • I write my own login view, putting to use Django's message system in the meanwhile
  • I write a login page (well, it's just missing a template) so I can exploit the full awesomeness of the Django auth system.

Solution

One of the possible solutions (first + third choices in your list):

  1. You have to provide a special login page (that is, define registration/login.html), and for a non-logged-in user each normal page has a login form;
  2. if the user logs in normally (this logic is handled in django.contrib.auth.views.login):
    • for a normal page: redirect the user to the page from where she logged in;
    • for the login page: if there is a next param, redirect there, else redirect to the main page;
  3. if the user fails to log in: redirect to (or redraw) the login page with the errors provided;
  4. if the user is logged in: the normal page provides a link to log out (the special page is still there in case the user wants to re-login or log in through another account).

In normal pages, login form should have something like this <input type="hidden" name="next" value="{{ request.path }}" />.

In project settings:

# in settings.py
LOGIN_URL = '/login'     # this should coincide with the url pattern of the login view
LOGOUT_URL = '/logout'   # same but for logout view
LOGIN_REDIRECT_URL = '/' # url to main page

N.B.: I don't use Django's built-in logout view; instead I use my own: almost the same, but it does the logout only for POST requests. This prevents users from being logged out by malicious code such as <img src='my_site/logout' />.
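
The hidden next field described above is sent by the browser, so a hand-written login view (the second option in the question) has to check it before redirecting; Django's own login view performs a check of this kind itself. The following is an added example, not code from the original answer or from Django: resolve_next, _is_local and the allowed_hosts parameter are hypothetical names, and it uses only the standard library.

```python
import unicodedata
from urllib.parse import urlsplit

LOGIN_REDIRECT_URL = "/"  # same value as in the settings shown in the answer


def _is_local(url, allowed_hosts):
    """True if url is a path on this site or an http(s) URL on an allowed host."""
    # Three or more leading slashes are treated as absolute by some browsers.
    if url.startswith("///"):
        return False
    # A leading control character can hide a scheme or host from the parser.
    if unicodedata.category(url[0]).startswith("C"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # A scheme without a host ("javascript:...", "http:///x") is not a page path.
    if parts.scheme and not parts.netloc:
        return False
    if parts.netloc and parts.netloc not in allowed_hosts:
        return False
    return parts.scheme in ("", "http", "https")


def resolve_next(next_value, allowed_hosts, default=LOGIN_REDIRECT_URL):
    """Return next_value if it points at this site, otherwise the default."""
    url = (next_value or "").strip()
    if not url:
        return default
    # Browsers read "\" as "/", so the normalized form must pass as well.
    if _is_local(url, allowed_hosts) and _is_local(url.replace("\\", "/"), allowed_hosts):
        return url
    return default
```

In a hand-written view this would be called as resolve_next(request.POST.get("next"), {request.get_host()}) just before the redirect is issued.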

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow