# Logged into Django Admin and also an app in same browser?


cunning oxide

I'm trying to decide if I have mis-configured something or this is expected behavior.

goal
I want to use the default admin login/logout functionality in my app for initial user testing. I will create users in admin and give the user their login manually. Users will log in to the app.

current behavior in the same browser

  1. If I log into the Django admin with, say, my admin user, and I then also log into my app with a different user in the same browser, I get Forbidden (403)
    CSRF verification failed, then if I hit my back button on my app, I'm actually logged in with admin.
  2. If both are logged in, the logout button on the admin and the logout button on my app affect each other.
  3. When I log out of the Django admin, it shows the logged_out.html page I built for my app.

current behavior using chrome for admin and firefox for app

  1. Everything works as I expect and there doesn't seem to be any conflict.

what's my question
Are these expected behaviors given my goal? Is the best practice to just login to admin and the app using different browsers?

If this behavior seems wrong I can start posting my configs, but I think maybe it's expected.

kind sand

You can't log into the same website using two different users in the same browser.


The server keeps track of who you are based on cookies. Your browser stores these cookies, and every request sent along to the same server sends the same cookies along. When you log into the Django admin, you're logging into your Django app and getting cookies set in your browser that identifies who you are. Therefore when you next go to any other part of your app, admin or otherwise, you are already logged in as that user.


So therefore, you cannot log into the same app as two different users using the same browser session. You either need to use a different browser, or an incognito/private browsing window, neither of which will share the cookies from the original browser session.


"The django admin" is not a separate site to any custom views you've written. It's all one Django project.
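
The cookie behaviour described in this thread, as an added example that is not part of the original posts and is not Django's own code: a simplified stdlib model of one project-wide session store and one cookie jar per browser. `Project`, `Browser`, the usernames and the `/app/` path are assumptions for illustration; `sessionid` with `Path=/` is Django's default session cookie.

```python
import secrets

class Project:
    """Simplified model (assumption): one server-side session store for the
    whole project, so /admin/ and /app/ views resolve the same cookie."""
    def __init__(self):
        self.sessions = {}                      # session key -> username

    def login(self, username):
        key = secrets.token_hex(16)
        self.sessions[key] = username
        # "sessionid" and Path=/ are Django's default cookie name and path.
        return {"name": "sessionid", "value": key, "path": "/"}

    def logout(self, cookies):
        self.sessions.pop(cookies.get("sessionid"), None)

    def user_for(self, cookies):
        return self.sessions.get(cookies.get("sessionid"))

class Browser:
    """One browser profile: a single cookie jar for the host."""
    def __init__(self):
        self.jar = {}                           # (name, path) -> value

    def store(self, cookie):
        # Same name and path: the new value replaces the old one.
        self.jar[(cookie["name"], cookie["path"])] = cookie["value"]

    def cookies_for(self, url_path):
        # Simplified path match: send a cookie whose Path prefixes the URL.
        return {n: v for (n, p), v in self.jar.items()
                if url_path == p or url_path.startswith(p.rstrip("/") + "/")}

def same_browser():
    site, b = Project(), Browser()
    b.store(site.login("admin"))                # log in through /admin/
    before = site.user_for(b.cookies_for("/app/"))
    b.store(site.login("tester"))               # log in through the app
    after = site.user_for(b.cookies_for("/admin/"))
    site.logout(b.cookies_for("/app/"))         # the app's logout button
    return before, after, site.user_for(b.cookies_for("/admin/"))

def two_browsers():
    site, chrome, firefox = Project(), Browser(), Browser()
    chrome.store(site.login("admin"))
    firefox.store(site.login("tester"))
    site.logout(firefox.cookies_for("/app/"))   # only Firefox's session ends
    return (site.user_for(chrome.cookies_for("/admin/")),
            site.user_for(firefox.cookies_for("/app/")))
```

In `same_browser()` the second login replaces the only `sessionid` the jar holds, so the admin and app views always see the same user and one logout ends both; in `two_browsers()` each jar keeps its own session.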