
Using Django's Test Cookies

Another problem with cookies is that you are not guaranteed that the browser will accept cookies. Some browsers disable cookies as a security precaution. If your website requires access to cookies or to the session framework cookie, you may want to add code to your login to verify that cookies are enabled.

Django provides the set_test_cookie(), test_cookie_worked(), and delete_test_cookie() functions on the HttpRequest.session object to aid in this task. The set_test_cookie() function attempts to set a test cookie in the browser. The test_cookie_worked() function attempts to retrieve the test cookie, and the delete_test_cookie() function deletes the cookie.

Watch Out!

The test_cookie_worked() function needs to be used in a different request than the set_test_cookie() function, because the cookie typically isn't saved until after the request is finished.


Try It Yourself: Implement Test Cookies to Verify That the Browser Will Support Cookies

In this section, you will modify the login_user() view function to have it set a test cookie during the GET request and verify that the cookie is set in the POST request before logging in the user.

Follow these steps to modify the GET and POST handlers of the login_user() view function to implement a test cookie:

1. Open the iFriends/Home/views.py file in an editor.

2. Add the following GET handler, shown in Listing 16.1, to set the test cookie on a GET request:

if request.method == 'GET':
    request.session.set_test_cookie()

3. Add the following check to the POST handler, shown in Listing 16.1, to verify that the test cookie was set. If it was, delete it and continue with the login. If the test cookie was not set, set the message to instruct the user to enable cookies before logging in:

if request.session.test_cookie_worked():
    request.session.delete_test_cookie()
    # . . . continue with the login . . .
else:
    message = "Please enable cookies and try again."

4. Save the iFriends/Home/views.py file.

5. Test that the handlers are working properly by logging out of the website using the following URL:

http://127.0.0.1:8000/Logout/

6. Disable the cookies in the browser.

7. Try logging in using the following URL:

http://127.0.0.1:8000/Login/

You should see the message shown in Figure 16.1.



Figure 16.1. The user login form generated by the user_login() view when a test cookie cannot be set in the browser.


Listing 16.1. The login_user() Function in the iFriends/Home/views.py File

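from django.contrib.auth import authenticate, login
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.utils.http import url_has_allowed_host_and_is_safe_url

# LoginForm is the project's login form class (not shown in this listing).

def login_user(request, next='/'):
    message = 'Login User'
    lForm = LoginForm()

    # GET: set the test cookie so that the following POST can check for it.
    if request.method == 'GET':
        request.session.set_test_cookie()

    if request.method == 'POST':
        # True only if the browser returned the cookie set during the GET.
        if request.session.test_cookie_worked():
            request.session.delete_test_cookie()

            if 'next' in request.GET:
                next = request.GET['next']
            # 'next' is user-supplied: only redirect to a URL on this host.
            if not url_has_allowed_host_and_is_safe_url(
                    next, allowed_hosts={request.get_host()}):
                next = '/'
            if request.POST.get('submit') == 'Login':
                postDict = request.POST.copy()
                lForm = LoginForm(postDict)
                if lForm.is_valid():
                    uName = request.POST['username']
                    uPass = request.POST['password']
                    user = authenticate(username=uName, password=uPass)
                    if user is not None:
                        if user.is_active:
                            login(request, user)
                            return HttpResponseRedirect(next)
                        else:
                            message = 'Account Deactivated'
                    else:
                        message = 'Login Incorrect'
        else:
            message = "Please enable cookies and try again."

    return render(request, 'registration/login.html', {
                'lForm': lForm,
                'message': message})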
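
The flow in Listing 16.1 and the Watch Out note, traced as a standard-library model to show why the check belongs in a second request; this is an added example, not code from the book or from Django. The Session class, the SESSIONS store, and the helper functions are hypothetical stand-ins, and the cookie name and session key are modelled on Django's defaults.

```python
import secrets
from http.cookies import SimpleCookie
SESSIONS = {}  # server-side store: session id -> saved session data

class Session:
    """Simplified stand-in for request.session (a model, not Django's code)."""
    def __init__(self, cookie_header):
        morsel = SimpleCookie(cookie_header or "").get("sessionid")
        self.sid = morsel.value if morsel and morsel.value in SESSIONS else None
        self.data = dict(SESSIONS.get(self.sid, {}))
        self.modified = False
    def set_test_cookie(self):
        self.data["testcookie"] = "worked"
        self.modified = True
    def test_cookie_worked(self):
        return self.data.get("testcookie") == "worked"
    def delete_test_cookie(self):
        del self.data["testcookie"]
        self.modified = True
    def save(self):
        """Runs after the view returns; gives the Set-Cookie value, if any."""
        if not self.modified:
            return None
        self.sid = self.sid or secrets.token_urlsafe(16)
        SESSIONS[self.sid] = self.data
        return f"sessionid={self.sid}; HttpOnly; Path=/"

def login_view(method, cookie_header=None):
    """GET sets the test cookie and POST checks it, as in Listing 16.1."""
    session, message = Session(cookie_header), "Login User"
    if method == "GET":
        session.set_test_cookie()
    elif session.test_cookie_worked():
        session.delete_test_cookie()
        message = "Proceed to authenticate"
    else:
        message = "Please enable cookies and try again."
    return message, session.save()

def browse(accept_cookies):
    """GET then POST the login form from a client that keeps or drops cookies."""
    _, set_cookie = login_view("GET")
    jar = set_cookie.split(";")[0] if accept_cookies else None
    return login_view("POST", jar)[0]

def same_request_check():
    """Set and test within one request: True even if the client drops cookies."""
    session = Session(None)
    session.set_test_cookie()
    return session.test_cookie_worked()
```

The same-request check passes because the value is read back from the in-memory session before any cookie has reached the browser, so it says nothing about whether the browser accepts cookies.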


					  

