shean1488

Hi everybody, I'm trying to do a simple login for a web site, and everything looks fine except one thing: when I enter a name and a password for a superuser I get a "403 Forbidden" error.

Here is my login.html:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Django Book List user login</title>
</head>
<body>
    <h1>User Login</h1>
    {% if form.has_errors %}
        <p>Your User name and Password didn't match
            Please try again</p>
    {% endif %}
    <form method="post" action=".">
        <p><label for="id_username">Username:</label>
            {{ form.username }}</p>
        <p><label for="id_password">Password:</label>
            {{ form.password }}</p>
        <input type="hidden" name="next" value="" />
        <input type="submit" value="login" />
    </form>
</body>
</html>

And that's what I added to the urls.py:

(r'^login/$', 'django.contrib.auth.views.login'),

I thought I was supposed to go back one level to the main page, but I'm getting this:

Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
    CSRF cookie not set.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.
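
Added example, not part of the original post and not Django's own code: a simplified standard-library model of the cookie-plus-hidden-field check behind the 403 above. It shows the form as posted failing with "CSRF cookie not set." and passing once {% csrf_token %} is inside the form. The function names and the sample templates are assumptions made for illustration; only the cookie name, field name and reason strings follow Django.

```python
import hmac
import re
import secrets

# Simplified model of a double-submit CSRF check; function names are hypothetical.
TAG = "{% csrf_token %}"
FIELD = "csrfmiddlewaretoken"  # name of the hidden field Django renders
COOKIE = "csrftoken"           # Django's default CSRF cookie name

def render_form(template, cookies):
    """GET: render the form. The cookie is only issued when the tag is used."""
    if TAG not in template:
        return template, dict(cookies)
    token = cookies.get(COOKIE) or secrets.token_urlsafe(32)
    hidden = '<input type="hidden" name="%s" value="%s" />' % (FIELD, token)
    return template.replace(TAG, hidden), {**cookies, COOKIE: token}

def check_post(cookies, post):
    """Server side: return (status, reason) for an incoming POST."""
    cookie = cookies.get(COOKIE)
    if cookie is None:
        return 403, "CSRF cookie not set."
    sent = post.get(FIELD, "")
    # Constant-time comparison of the cookie value and the submitted field.
    if not hmac.compare_digest(cookie.encode(), sent.encode()):
        return 403, "CSRF token missing or incorrect."
    return 200, "OK"

def submit(html, cookies, fields):
    """Browser side: POST the visible fields plus the hidden token, if rendered."""
    post = dict(fields)
    match = re.search(r'name="%s" value="([^"]+)"' % FIELD, html)
    if match:
        post[FIELD] = match.group(1)
    return check_post(cookies, post)

# Constructed templates: the form as posted, and the same form with the tag added.
POSTED = '<form method="post" action=".">{{ form.username }}{{ form.password }}</form>'
FIXED = POSTED.replace('action=".">', 'action=".">' + TAG)

def login_attempt(template):
    """First visit with no cookies, then submit constructed credentials."""
    html, cookies = render_form(template, {})
    return submit(html, cookies, {"username": "admin", "password": "constructed"})

if __name__ == "__main__":
    print("as posted:", login_attempt(POSTED))
    print("with tag: ", login_attempt(FIXED))
```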