Cookie test fails in login() view
|Reported by:||iakbar||Owned by:||nobody|
|Severity:||Keywords:||authentication, cookie, login|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||yes||Patch needs improvement:||no|
The cookie test in the django.contrib.auth.views.login() view doesn't work as expected.
The url is set up as follows.
After disabling cookies in the browser...
- the login view is called via a GET request and displays the login
template/form (the test cookie is set).
- The form is posted back to the login view (the view is supposed to check
for the test cookie and throw an error if the cookie is not found. This
check doesn't happen).
The documentation of the init method of AuthenticationForm says it
will validate that cookies are enabled only if a request is passed in
when instantiating the form. But on POST the login view doesn't pass
the request to AuthenticationForm.