I have a django website, the first page is a simple login form.
After a successful login, the user is redirected to /home/ url. i.e. to view /home/ url you are required to login (session based).
I'm trying to replay the request to /home/ using a tool like Postman (but other tools could work too I guess).
I open chrome dev tools, network tab, copy all the request headers (cookie header is also there), and paste it in the tool, I copy the url and do a GET request.
This does not work and my website returns the login page.
That means my website does not consider the Postman request to be authenticated. Why?
Isn't the session cookie how the server checks whether the user is logged in?
I copied everything from the request headers in chrome, so how is it that the browser (chrome) and the tool (Postman) are treated differently?
My website does not use HTTPS, though I still don't understand how it would make a difference.