using session variable to disallow direct URL access to a page in Django

0
votes

This might be a common question but I did a few searches and was not satisfied by the answers.

I have a login page which after successful login creates a session variable called 'currentUser'. This variable stores the currently logged in user.

I have other pages that use this variable and show contents based on that user. However, I have found that I can still access that page without logging in using a direct URL access for example: mysite.com/userProfile/

How do I check for the session variable in every view and only allow logged in users to view that page? I tried @login_required and I don't get it.

Thanks,

djangodjango-viewsdjango-login
Why @login_required didnt satisfy u? - obayhan
Because it did not work for me :( - summerNight
Also, I have the correct imports for the login_url and its still allowed the page to be accessed. I used private browsing features of firefox, chrome and safari to test this. - summerNight
What is your installed app settings in your settings file? - obayhan