In my Django app, I handle login in the following manner. Users go to a gateway page (index.html) - if they are not currently logged in, there will be a login/password form along with the other material. On successful login (or if they otherwise go to that page while logged in), the page is rendered slightly differently (sans login form).
The way I am handling that is in the view for index.html I do:

    logged_in = request.user.is_authenticated()

and then the logged_in variable is passed to the template, which is checked to see which version of the page it renders.
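When a user logs in, the login view calls:

    from django.contrib.auth import authenticate, login

    # Verify the credentials, then attach the user to the session
    user = authenticate(username=username, password=password)
    if user is not None:
        login(request, user)

And then they are redirected back to index.html.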
More often than not, this works perfectly fine. What I see, though, is that sometimes, between the HttpResponseRedirect and the index view, request.user is wiped out. I have been logging this for a while now, writing to the log as the last item in the login view and first item in the index view. The effect it has for the user is that it looks like they incorrectly logged in (except w/ no message telling them that).
It does seem to come in spurts, as in the system will be fine for a while, and then I'll see it happen to a user 4-5 times in a row. I should also note that I've never seen/heard of this happening at any point except at the login, as far as I can tell (it is possible that it has happened and no one has complained); once they're in, they're in.
Am I doing something obviously wrong with my login methodology here?