I'm new to web development and trying to create an auction website as a course project. I'm trying to create a user-specific watchlist. It's able to add a product to the watchlist but when I go to delete an item from the watchlist it doesn't get deleted until I log out and log in again. Here is my code:
views.py:
def watchlist(request, item_id=None):
if request.method == "POST":
for item in request.session["watchlist"]:
if item["id"] == item_id:
ind = request.session["watchlist"].index(item)
modified = request.session["watchlist"][:ind]
request.session["watchlist"][ind 1:]
request.session["watchlist"] = modified
break
data = request.session["watchlist"]
return render(request, "auctions/watchlist.html", {
"data": data
})
watchlist.html:
{% block body %}
{% if user.is_authenticated %}
<h2>Watchlist</h2>
<ol>
{% for item in data %}
<li>
<div style="display: flex;">
<div>
<img src="{{ item.image_url }}" alt="No image">
</div>
<div>
<a href="{% url 'listing' item.id %}"><h4>{{ item.title }}</h4></a>
</div>
<div>
Current Price: {{ item.current_price }}
</div>
<div>
<form action="{% url 'watchlist_del' item.id %}" action="post">
<input type="submit" value="Delete">
</form>
</div>
</div>
<div style="border-bottom: 1px solid black;"></div>
</li>
{% empty %}
<h1>No items in watchlist</h1>
{% endfor %}
</ol>
{% endif %}
{% endblock %}
I checked session data through Django-admin and found that even after deleting an item, its data was not deleted from request.session["watchlist"]. It only gets updated after I log in and log out again.
I was able to fix the issue by replacing the form in watchlist.html with an <a> tag.
watchlist.html:
<div>
<a href="{% url 'watchlist_del' item.id %}">Delete from watchlist</a>
</div>
views.py
def watchlist(request, item_id=None):
if item_id is not None:
for item in request.session["watchlist"]:
if item["id"] == item_id:
ind = request.session["watchlist"].index(item)
modified = request.session["watchlist"][:ind] request.session["watchlist"][ind 1:]
request.session["watchlist"] = modified
break
data = request.session["watchlist"]
return render(request, "auctions/watchlist.html", {
"data": data
})
but I was still wondering why there was a problem. Was there a problem with the post request? Please clarify. Thanks.
CodePudding user response:
Your form should specify post as method=… attribute [mdn-doc], not as action=… attribute [mdn-doc], and will requires a CSRF-token, so:
<form action="{% url 'watchlist_del' item.id %}" method="post">
{% csrf_token %}
<input type="submit" value="Delete">
</form>
Your view logic can be simplified with list comprehension:
def watchlist(request, item_id=None):
if request.method == 'POST':
request.session['watchlist'] = [
item for item in request.session['watchlist'] if item['id'] != item_id
]
data = request.session['watchlist']
return render(request, 'auctions/watchlist.html', {'data': data})Note: In case of a successful POST request, you should make a
redirect[Django-doc] to implement the Post/Redirect/Get pattern [wiki]. This avoids that you make the same POST request when the user refreshes the browser.
CodePudding user response:
force update session after every update
# Set session as modified to force data updates/cookie to be saved.
request.session.modified = True