Suppose someone is editing a HTML form, and their session times out, how can one have Django re-authenticate that individual without losing the content the user had entered into the form?
The snippet Django Snippets: Require login across entire site suggests how to do site-wide authentication, but I expect it will lose the GET component of the string (namely because request.path does not include it), and definitely lose the POST data.
How can one preserve the POST and GET across those inconvenient timeouts. I find that finessed web-sites tend to handle this intelligently, and I’d like to be able to do it in Django (as would others, I imagine!).
Thoughts would be appreciated. Thank you.
I have two suggestions.
Redirect/Middleware
Since you’re already using middleware to handle the login requirement, you could modify this middleware. Or possibly, create another middleware class that is called after the login middleware. These ideas are intertwined so it may make more sense to modify the existing one.
I think this should work cleanly, and many people would find it useful. It’d be a great post on djangosnippets.org.
Ajax technique
This is less practical if you already have your form handling in place, but could create a better user experience. If you POST asynchronously, your Javascript handler could recognize a ‘login required’ response code, and then display a popup dialog requesting login. On completion, the user could resubmit the form.