I have made an Account model, which is now the custom user model in my Django app. Also, I have Token authentication, but I do not know how to refresh the Token, and how frequently I have to change the Token for a user. Also I have a problem, because a user after logging in with a token can access another account by just changing the id in the url. How can I solve this problem? I thought about a solution where I put the id of the user in the Token, so when he accesses some url I check if the id in the url is his id from the Token. But I am not sure if this is a good solution for Django, because I do not know how to add the id to the Token. Maybe Django has some cleverer solution. I am pretty new to Django, so...
Django Token authentication problem accessing another account
140 Views Asked by DevJava At
There are 1 best solutions below
You should not send your AuthToken as a parameter in the url, as you already noticed, someone could just change it to other value expecting to enter an account that does not belong to them.

What you should do is send the token in the body of a POST request like this:

Or as a Header in a GET request:

It really depends on what you are trying to do
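
Added example, not part of the original question or answer: a framework-free Python sketch of the ownership check the question asks about. The token record kept on the server already maps to one user, so the handler compares that user with the id from the URL instead of embedding an id in the token; every name, the in-memory stores and the 24-hour lifetime are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL = 24 * 3600  # assumed lifetime in seconds; choose per your own policy

class Unauthorized(Exception):
    """No valid token presented (HTTP 401)."""

class Forbidden(Exception):
    """Valid token, but the object belongs to someone else (HTTP 403)."""

@dataclass
class Token:
    key: str
    user_id: int
    created: float

TOKENS = {}  # token key -> Token; stands in for the token table (hypothetical)
ACCOUNTS = {  # constructed sample data
    1: {"id": 1, "email": "alice@example.test"},
    2: {"id": 2, "email": "bob@example.test"},
}

def issue_token(user_id, now=None):
    """Create a random opaque token bound server-side to one user."""
    now = time.time() if now is None else now
    token = Token(secrets.token_hex(20), user_id, now)
    TOKENS[token.key] = token
    return token

def authenticate(headers, now=None):
    """Return the user id owning the token in 'Authorization: Token <key>'."""
    now = time.time() if now is None else now
    scheme, _, key = headers.get("Authorization", "").partition(" ")
    token = TOKENS.get(key) if scheme == "Token" else None
    if token is None:
        raise Unauthorized("missing or unknown token")
    if now - token.created > TOKEN_TTL:
        del TOKENS[token.key]  # expired: the client must log in again
        raise Unauthorized("token expired")
    return token.user_id

def get_account(headers, account_id, now=None):
    """Handler for /accounts/<account_id>/ with owner-only access."""
    user_id = authenticate(headers, now)
    if account_id != user_id:  # the id in the URL is never trusted on its own
        raise Forbidden("account belongs to another user")
    return ACCOUNTS[account_id]
```

In a Django project the same comparison is made against the user that the authentication layer attaches to the request, or the URL id is dropped and the account is looked up from that user directly.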