django: Persist post request across a login

Question

On logging in, the request's session key changes.

This makes it hard to use sessions, for activities that should persist across login, such as, say a shopping cart, where the login is prompted only while check out.

What is the best way to implement such a cart, which persists across login. One solution would be to have a table with session keys and products and on login, associate the user to it.

It could be simpler, I feel, particularly, all you want is to persist just a single post request.

Answer 1

This used to be a feature of Django, but it was removed, because it was a security issue. If you're going to implement something similar, you'd be wise to understand the security implications of it (which I don't, I just know there were issues).

I think the feature used to work by pickling the post data, and storing it in a hidden field of the login form.

The relevant announcement is here, and the code change is here.