awdavies
commented
12 years ago Fixed under revision f19ea6befc1f4afe2ff5cf7b41fb53590641e2a7
Closed awdavies closed 12 years ago
awdavies
commented
12 years ago Fixed under revision f19ea6befc1f4afe2ff5cf7b41fb53590641e2a7
This isn't necessarily a high priority issue, as people don't tend to go without the use of cookies very often. However, it would be nice to show the user that they need to have their cookies enabled in order to use the site, rather than forcing them to log out.
The method outlined in the django documentation on cookies is (unfortunately) haphazard and does not function. For example, if a user (in out implementation, anyway) uses the login and fails twice, the code block in session.views.login_view wherein the POST is checked will assume the test cookie sent to the user for validation didn't work (because it will have sent a new one).
There's likely a very simple work around for this, one being that if a test cookie is already on the person's computer, we don't try to add in another one (we won't know if the cookie was added until they issue a second request). Either that, or we could do what facebook seems to do, which is to redirect the user after having sent them a cookie in order to force them to send a second GET request, at which point we could see if the cookie was accepted.