Opened 5 years ago

Closed 5 years ago

#19658 closed Uncategorized (worksforme)

Login redirects use wrong URL when application doesn't live on web server root

Reported by: david.reitter@… Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


My application (running on 1.5rc1) sees a request whose view is decorated with @permission_required('admin') redirected to a wrong login URL.

The WSGI application (on Apache2) is mounted in a subdirectory such as

The redirect to the login page, given a request to then goes to:

rather than

LOGIN_URL is not set in my, as it wouldn't be portable without further ado.

Change History (2)

comment:1 Changed 5 years ago by anonymous

For what it's worth, user_passes_test in contrib.auth.decorators has "/accounts/login/" as resolved_login_url.
login_url is None. settings.LOGIN_URL=/accounts/login/, which is the default.

Is hard-coding LOGIN_URL, LOGOUT_URL and LOGIN_REDIRECT_URL in conf/ the best one can do?

I tried setting FORCE_SCRIPT_NAME in os.environSCRIPT_NAME? does not seem to exist (Apache/2.2.15 Unix).
I also don't see how these variables will be taken into account when figuring resolved_login_url. So this might be a hard bug.

comment:2 Changed 5 years ago by Carl Meyer

Resolution: worksforme
Status: newclosed

Thanks for the report! In Django 1.5 hardcoding is no longer the best one can do; these *_URL settings now accept reversable url names or view function names (see e.g., which should be portable and return correct results (presuming url-reversing generally works in your deployment scenario).

Note: See TracTickets for help on using tickets.
Back to Top