i have form.html and form.py files. In form.html file i have a text box and a button when i enter some keyword in the text box and submit it, it executes form.py based on the keyword entered and it displays latest tweets from twitter. now my requirement is to refresh broswer automatically for every 5 sec to get latest tweets.
i have tried meta http-equiv="refresh" content='5' but it is refreshing only form.py without taking keyword from form.html
is there any way to do it, please suggest me....
When you 1st call form.py, send an header to set a cookie with the keyword, then on subsequent refreshes you should get the cookie and not the keyword as post daya, so read it from there.
In case both post data and cookie are present you should ignore the cookie and treat it as just post data and set the new cookie in the HTTP headers.
To set a cookie you must send an header like this
Set-Cookie: name=value
or like this to have an expiration
Set-Cookie: name2=value2; Expires=Wed, 09-Jun-2021 10:18:14 GMT
I think in the 1st case the cookie would be treated as a session cookie, and be removed when you close the browser.
Check the python doc to see how to set and read headers with the CGI module.
Related
I am trying to use Python requests to log into amazon.se. To do so, I first make a GET request to one of the pages, get redirected to the sign-in page, and make a POST request using the data from the login form + my credentials.
The problem is that in response I get the sign-in page with the following error:
I am of course sure that both the email and password are valid, but the login process still fails in both Python and Postman. I tried to compare the browser requests to my manufactured ones, and they seem almost identical except for me missing a couple of what I believe are non-essential headers. Nevertheless, there must be something going on behind the scenes that I am missing.
Postman POST request
Headers:
Body (form data from previous GET request):
Browser POST request
Headers:
Body:
Like we open a URL to a normal browser so it will redirect to another website url. Example a shorted link. After you open this it will redirect you to the main url.
So how to do this in python I mean I need to open a URL on python and this will redirect to other website page then I will copy the other website page link.
That's all I want to know thank you.
I tried it with python requests and urllib module.
Like this
import requests
a = requests.get("url", allow_redirects = True)
And
import urllib.request
a = urllib.request.urlopen("url")
But it's not working at all. I mean didn't get the redirected page.
I know 4 types of redirections.
server sends response with status 3xx and new address
HTTP/1.1 302 Found
Location: https://new_domain.com/some/folder
Wikipedia: HTTP 301, HTTP 302, HTTP 303
server sends header Refresh with time in seconds and new address
Refresh: 0; url=https://new_domain.com/some/folder
server sends HTML with meta tag which emulates header Refresh
<meta http-equiv="refresh" content="0; url=https://new_domain.com/some/folder">
Wikipedia: meta refresh
JavaScript sets new location
location = url
location.href = url
location.replace(url)
location.assing(url)
The same for document.location, window.location
There should be also combination with open(),document.open(), window.open()
requests automatically redirects for first and (probably) second type. With urllib probably you would have to check status, get url, and run next request - but this is easy. You can even run it in loop because some pages may have many redirections. You can test it on httpbin.org (even for multi-redirections)
For third type it is easy to check if HTML has meta tag and run next request with new url. And again you can run in loop because some pages may have many redirections.
But forth type makes problem because requests can't run JavaScript and there are many different methods to assign new location. They can also hide it in code - "obfuscation".
In requests you can check response.history to see executed redirections
Is there anyway in django that if user has two open tabs, both logged out, then logs in in one tab, tell that he has logged in in another tab? I mean something like github that tells you you have signed in, please refresh the page.
The problem is now If I login in one tab and then in the second tab, I get csrf token missing incorrect.
You get csrf token missing incorrect. because when user relogins, the server generates a new csrf token to the cookie. The cookie persists across the same domain. And when you're trying to do smth on the current page, the request fails because csrf in your <form> differs from the cookie which has been changed. That's why github refreshes the page (instead of conitnuing doing request from it). Thus server will return new csrf in html to your form.
Edit:
Consider the following choices :
If your cookie is not readonly: . Set setInterval where you check the session which user loaded the page and current session from cookie.
Render 4 first characters too page and save it to a variable. Set this variable when page loads. And with every request pass the variable with headers. Add a middleware which checks if first 4 characters in headers matcher first 4 characters from cookie, and if it doesn't tell the client to refresh the page.
If you want to automatically detect your case, you need to frequently spam the server and ask if the session has changed. From the client you can send the old session and the new one (if session is readonly you can send like few first characters from the server).
I don't know exactly how github does this. But one possibility is to use a visibilitychange event handler. This will trigger when you switch tabs. The event handler can check the cookies for the current site, and determine if someone logged in another tab.
https://developer.mozilla.org/en-US/docs/Web/Events/visibilitychange
Usually tabs share no state. But two tabs have the same origin (domain name), they share cookies. In django you typically render the csrf token to the html dom with the template tag {% csrf_token %}, which means that if the current tab's csrf token was invalidated (which happens when you sign in), you must refresh the page to get a fresh token.
One way to do attach such an event listener is this:
// check cookie for `logged_in` substring (this only works for insecure cookies. Not http-only)
const isLoggedIn = () => document.cookie.includes('logged_in')
// check cookie for changes when you open this tab
const signInSpy = () => {
document.visibilitystate === 'visible' &&
isLoggedIn() &&
alert('refresh, please')
}
// only attach event handler when not signed in.
document.onvisibilitychange = isLoggedIn() ? null : signInSpy
This example only works if logged_in is not a http-only cookie. For other options for communicating between tabs, see this question:
Communication between tabs or windows
I wrote a Django view that responses ether a text/html or a application/json depending on request.is_ajax().
So far so good, but when I use my browsers history buttons, I end up getting a JSON response rather than the HTML.
I can't figure out the problem. It's true an jQuery ajax request is getting the same url after the page was loaded, but that shouldn't end up in the history, or should it?
Thanks, Joe
If you send different content depending on request.is_ajax(), you need to send Vary: X-Requested-With to the browser. That way, the browser will be able to distinguish the two kinds of response based on the value of the X-Requested-With header on the request. You can do that via:
from django.views.decorators.vary import vary_on_headers
#vary_on_headers('X-Requested-With')
def yourview(request, ...):
pass
I am trying to understand how to use AJAX with Python Sessions. I understand the basics of how sessions work. When I add AJAX to the mix, my mind is having a difficult time understanding the technical details. Part of me thinks AJAX and Python Sessoins are not possible. I know web frameworks exist that probably do all this magic but I want to learn how to do it myself before jumping into a framework.
I am trying to create a webpage with a login form using HTML, AJAX, Python, and Sessions. If the user is able to log in, a session should be created (I assume that's correct). Otherwise, an error message should be returned.
Here is the basic application layout:
login.html : HTML form with username & password input boxes and
submit button
ajax.js : contains AJAX function that communicates with server-side
script
check_user.py : checks if username & password are correct, creates
session or returns error
welcome.html : only accessible if username & password are correct
welcome_1.html : only accessible if username & password are correct
I prefer to keep the HTML, Javascript, and Python code in separate files as opposed to creating HTML with Python or using inline Javascript in HTML.
Here is the application logic:
user visits login.html
enters username & password
clicks submit button
submit button calls ajax function
ajax function sends username & password to check_user.py
check_user.py checks if username & password are correct
if not correct, return JSON formatted error message
else, correct
create session ID (SID)
place SID in cookie
return cookie to ajax function
redirect user to welcome.html
welcome.html
on page load, ajax function requests user's cookie
if no cookie, redirect to login.html
else, ajax function sends cookie to check_user.py
check_user.py opens cookie & verifies the SID
if not correct, redirect user to login.html
else, correct
redirect user to welcome.html
I think I am misunderstanding how ajax is supposed to handle the returned cookie information. It is also possible that I am misunderstanding other parts, too. Please clarify :-)
I think I will follow this document when writing my Python session code. Sound ok?
I am considering using jQuery for the AJAX stuff and other Javascript coding.
Thank you!
Remember that the AJAX request is the same as any other HTTP request to the server. The session is maintained on the server side, but as far as the server can tell, a request from the browser is a request from the browser. An AJAX request can get and set the cookie just like any other request can. The method you've outlined above should work fine. Alternately, you could check for the existence of the session on your front page, and write the cookie then.