Hi everybody, I'm trying to do a simple login for a web site, and everything looks fine except one thing, when I enter a name and a password for a superuser I got "403 Forbidden" error.
here is my login.html:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Django Book List user login</title>
</head>
<body>
<h1>User Login</h1>
{% if form.has_errors %}
<p>Your User name and Password didn't match
Please try again</p>
{% endif %}
<form method="post" action=".">
<p><label for="id_username">Username:</label>
{{ form.username }}</p>
<p><label for="id_password">Password:</label>
{{ form.password }}</p>
<input type="hidden" name="next" value="" />
<input type="submit" value="login" />
</form>
</body>
</html>
and that's what I added to the urls.py:
(r'^login/$', 'django.contrib.auth.views.login'),
I tought I supposed to go back one level to the main page, but I'm getting this:
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF cookie not set.
In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:
The view function uses RequestContext for the template, instead of Context.
In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.
You can customize this page using the CSRF_FAILURE_VIEW setting.