Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Django "Remember Me" with built-in login view and authentication form

How can I reuse the original admin login() and AuthenticationForm to set longer cookie length for users with "remember me" option checked at login page? I am currently using the built-in login through urls.py

url(r'^login/$','django.contrib.auth.views.login', {'template_name': 'authentication/login.html'}, name='login'),

The checkbox is implemented in my login.html as:

<label><input name="remember_me" type="checkbox">Keep me logged in</label>

but I am not sure how to pass that information through the AuthenticationForm to the django.contrib.auth.views.login

Currently, if the user logs "remember me" box unchecked, the cookie age is defined in settings.py

SESSION_COOKIE_AGE = 360

I found couple of similar questions but I don't think this should require a separate app to be installed. The below snippet (http://djangosnippets.org/snippets/1881/) seemed promising but I have coded python and Django only for couple of months and I wasn't able to get it working:

def login(request, *args, **kwargs):
    if request.method == 'POST':
        if not request.POST.get('remember_me', None):
            request.session.set_expiry(0)
    return auth_views.login(request, *args, **kwargs)
like image 201
Sawwy Avatar asked Feb 26 '13 22:02

Sawwy


People also ask

How do you implement remember me in Django?

To implement "remember me" functionality, simply configure whatever default session length you prefer in your settings.py, and after user login call request. session. set_expiry with some large number of seconds if the user has checked the "remember me" box. No extra middleware is needed.

How do I add remember me to my login page?

Create a login form that has two input elements for entering username and password, a submit button, and a checkbox for Remember me. encryptCookie() – This function takes a single parameter. Generate random key and assign to $key.

How do I authenticate username and password in Django?

from django. contrib. auth import authenticate user = authenticate(username='john', password='secret') if user is not None: if user. is_active: print "You provided a correct username and password!" else: print "Your account has been disabled!" else: print "Your username and password were incorrect."


1 Answers

The django session cookie age is defined in seconds.

SESSION_COOKIE_AGE = 360

means that the session will expire after 6 minutes. I've recently implemented the 'Remember Me' feature and I set the following:

SESSION_COOKIE_AGE = 60 * 60 * 24 * 30 # One month

The login view needs override as you've shown in the snippet.

But sounds like you're having an odd issue where closing the browser (when remember me is unchecked) is not requiring the user to re-login which should not happen if you use set_expiry(0). When you use set_expiry(0), the django sets a 'session' length cookie as opposed to a fixed length cookie and by design it would expire after browser close.

There's another settings that affects clearing cookie on browser close. Maybe you can try altering the SESSION_EXPIRE_AT_BROWSER_CLOSE setting's value or check it's existing value in your configuration. https://docs.djangoproject.com/en/2.2/topics/http/sessions/#browser-length-sessions-vs-persistent-sessions

like image 126
tarequeh Avatar answered Oct 10 '22 04:10

tarequeh