Best way to password protect arbitrary pages with arbitrary passwords in a Django site?


If you have a password per file, then it’s reasonable to store the password hash in the File model. I would strongly recommend that you re-use the hashing methods from django.contrib.auth rather than rolling your own though.

In order to persist the user’s access to the file beyond the login response, you could use Django’s built-in sessions framework: build a list of files the user is allowed to access within the session object. This will work well unless you’re looking to authorize a user session for large numbers of files at the same time.

Note that you can set up the sessions to use a cookie as a backend, and this will also give you cryptographic signing of the cookie, likely to be better than a hand-rolled cookie.

