I'm using a user profile model with a ForeignKey to the User, authenticated by django.contrib.auth.

The same auth module is of course used for the admin interface, so if a superuser/staff member is logged in to the admin interface, and enters the main site, the site will accept the session cookie and authenticate him. This creates a problem because a superuser/admin doesn't need to have a UserProfile and shouldn't be recognized by the main site.

What's the easiest way to solve this, so that the sessions from admin don't carry on to the site?

A: 
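# In the view (needs: from django.http import HttpResponse).
# Reject sessions that were never flagged as a front-end account.
if not request.session.get('has_account', False):
    return HttpResponse("You have no account, sorry.")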

Then make sure, every user of your front-end gets, if his session is initiated, the value has_account set properly.

Boldewyn
+1  A: 

I don't think there is a way to solve exactly this, "What's the easiest way to solve this, so that the sessions from admin don't carry on to the site?"

But depending on what you want to do, you may try,

  1. don't create UserProfile for superuser

# is_superuser is a boolean attribute, not a method.
if not request.user.is_superuser:
    UserProf.objects.create(...)

  2. I always have the problem where I want to keep a logged in Admin user and a logged in normal user, simultaneously, when I am developing. To do this, I have two entries in /etc/hosts

    127.0.0.1 uswaretech.tld
    127.0.0.1 admin.uswaretech.tld

Now, normal user always logs in via uswaretech.tld and admin always via admin.uswaretech.tld so they can both be logged in simultaneously.

uswaretech
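
Why the two-hostname setup in the answer above keeps the sessions apart, and the setting that undoes it, as an added example that is not part of the original answer. It is a simplified model of RFC 6265 cookie scoping (no public-suffix handling); the function names are made up for illustration, and the only Django names assumed are the real `SESSION_COOKIE_DOMAIN` setting and the default `sessionid` cookie name.

```python
"""Constructed model of RFC 6265 cookie scoping for the two dev hosts."""
from dataclasses import dataclass
from typing import Optional

SITE_HOST = "uswaretech.tld"         # host names taken from the answer above
ADMIN_HOST = "admin.uswaretech.tld"


@dataclass
class Cookie:
    name: str
    domain: str       # host that set it, or the Domain attribute value
    host_only: bool   # True when Set-Cookie carried no Domain attribute


def make_session_cookie(set_by_host: str, cookie_domain: Optional[str]) -> Cookie:
    """Model the Set-Cookie header for Django's session cookie.

    cookie_domain mirrors settings.SESSION_COOKIE_DOMAIN: None (the default)
    yields a host-only cookie; a value such as ".uswaretech.tld" adds Domain=.
    """
    if cookie_domain is None:
        return Cookie("sessionid", set_by_host.lower(), host_only=True)
    return Cookie("sessionid", cookie_domain.lstrip(".").lower(), host_only=False)


def is_sent_to(cookie: Cookie, request_host: str) -> bool:
    """Host-only cookies need an exact host match; others use domain-match."""
    host = request_host.lower()
    if cookie.host_only:
        return host == cookie.domain
    return host == cookie.domain or host.endswith("." + cookie.domain)


def admin_session_reaches_site(cookie_domain: Optional[str]) -> bool:
    """Would a session started on the admin host be presented to the main site?"""
    cookie = make_session_cookie(ADMIN_HOST, cookie_domain)
    return is_sent_to(cookie, SITE_HOST)


if __name__ == "__main__":
    for setting in (None, ".uswaretech.tld", "admin.uswaretech.tld"):
        print(f"SESSION_COOKIE_DOMAIN={setting!r}: "
              f"admin session sent to site = {admin_session_reaches_site(setting)}")
```

With the default `SESSION_COOKIE_DOMAIN = None` the admin session stays on the admin host; setting it to the parent domain shares one session across both hosts again.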
A: 

From a design standpoint your idea seems like a bit of a hack, but if you really want to do this you may use a middleware.

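from django.contrib.auth.models import AnonymousUser
from django.utils.deprecation import MiddlewareMixin

from myapp.models import UserProfile  # placeholder path: import your own profile model


class MyMiddleware(MiddlewareMixin):
    def process_request(self, request):
        # request.user is set by django.contrib.auth's AuthenticationMiddleware.
        # is_authenticated is a property on Django 1.10+ (a method before that).
        if request.user.is_authenticated:
            try:
                UserProfile.objects.get(user=request.user)
            except UserProfile.DoesNotExist:
                # No profile (e.g. an admin-only account): treat as anonymous on the site.
                request.user = request._cached_user = AnonymousUser()
        return None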

This should be at the top of the middleware list to prevent possible side-effects.

Cide
Quite hacky and I'm not proud of it, but this is what I did.
hmp