
I've got a site being built on Django to replace a previous custom site built using straight PHP.

The site is built so that a business owner can sign up for a master account and create user accounts for all his employees. The master account can then display a list of all their users and click on a certain button for each of their users and login as that user - no need to enter username or password.

We set a few cookies that declare the current user is now the employee as well as another cookie that tells the system this is still a master account so there's a new button at the top that lets the user click it to go back to their previous master account session.

I'm struggling with how to accomplish this in Django. Everything is so modular, I'm not sure how to start a session for a new account without requiring the user to enter username and password again.

Great Turtle
  • Does this answer your question? [Django user impersonation by admin](https://stackoverflow.com/questions/2242909/django-user-impersonation-by-admin) – Flimm Jan 27 '20 at 10:24

1 Answer

You can always use the login method to do that. My advice, though, is that this does not seem to be the best approach. By changing your master user's session, you would have no way to know if the user is a master user, so how could he have permission to go back to the master account?

You should instead stick to cookies or your browser's local storage to store the current user, without changing his session. Then, just define permissions for your website's actions so your master user will have permission to access all actions, which obviously includes those of the user account he changed to.

lucasnadalutti
  • If you store the user in the browser's local storage, you must sign the cookie to prevent tampering or check if the user is allowed on every request. You can store the current user as well as the master user in the session, which uses server-side storage or automatically signs the values in case of the cookie backend. – knbk Dec 02 '16 at 17:27
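The pattern the answer and the comment converge on, as an added example that is not the answerer's code nor anything shipped by Django: keep the master logged in, record the impersonated employee in the server-side session, and let a middleware swap `request.user` for the employee while re-checking the permission on every request. The `User` and `Request` classes are hypothetical stand-ins for Django's user model and `HttpRequest` (the only assumed attributes are `id`, `business_id`, `is_master`, `is_active`, `session` and `user`), so the logic runs without a Django install; in a real project the middleware sits after `AuthenticationMiddleware` and the default loader uses `get_user_model()`.

```python
from dataclasses import dataclass, field
from typing import Optional

IMPERSONATOR_KEY = "_impersonator_id"   # session key: id of the master doing the impersonating
IMPERSONATED_KEY = "_impersonated_id"   # session key: id of the employee being impersonated


class ImpersonationDenied(Exception):
    """Raised when a user tries to act as an account they may not switch into."""


@dataclass
class User:
    """Hypothetical stand-in for the Django user model (assumed fields only)."""
    id: int
    username: str
    business_id: int
    is_master: bool = False
    is_active: bool = True


@dataclass
class Request:
    """Stand-in for HttpRequest after AuthenticationMiddleware: `user` is the
    logged-in master, `session` is the dict-like server-side session."""
    user: User
    session: dict = field(default_factory=dict)
    impersonator: Optional[User] = None


def can_impersonate(master, target):
    # A master may act only as an active, non-master employee of its own business.
    return (
        master.is_master
        and master.is_active
        and target.is_active
        and not target.is_master
        and target.business_id == master.business_id
    )


def start_impersonation(request, target):
    """The 'login as this employee' button: record the switch in the session.
    The master's own login is left untouched, so the way back is always known."""
    if IMPERSONATOR_KEY in request.session:
        raise ImpersonationDenied("already impersonating; stop first")
    if not can_impersonate(request.user, target):
        raise ImpersonationDenied("not permitted to act as this account")
    request.session[IMPERSONATOR_KEY] = request.user.id
    request.session[IMPERSONATED_KEY] = target.id


def stop_impersonation(request):
    """The 'back to master account' button: drop the two keys, nothing else."""
    request.session.pop(IMPERSONATOR_KEY, None)
    request.session.pop(IMPERSONATED_KEY, None)
    request.impersonator = None


def _load_django_user(user_id):
    # Imported lazily so this module also loads where Django is not installed.
    from django.contrib.auth import get_user_model
    return get_user_model().objects.filter(pk=user_id).first()


class ImpersonationMiddleware:
    """Django-style middleware: swaps request.user for the employee during the
    request and exposes request.impersonator so templates can show the
    'back to master' button. `load_user` maps an id to a user; the test passes
    an in-memory lookup instead of the Django default."""

    def __init__(self, get_response, load_user=None):
        self.get_response = get_response
        self.load_user = load_user or _load_django_user

    def __call__(self, request):
        request.impersonator = None
        master_id = request.session.get(IMPERSONATOR_KEY)
        if master_id is not None:
            target = self.load_user(request.session.get(IMPERSONATED_KEY))
            # Re-validate every request: the session must still belong to the
            # same master, and that master must still be allowed to act as the
            # target (covers the employee being moved or deactivated meanwhile).
            if (request.user.id == master_id and target is not None
                    and can_impersonate(request.user, target)):
                request.impersonator = request.user
                request.user = target
            else:
                stop_impersonation(request)
        return self.get_response(request)
```

Because the master's login is never replaced, no cookie has to carry "this is really a master account" and nothing the browser can edit decides who is acting; Django's signed-cookie or database session backend protects the two keys, and the per-request `can_impersonate` check is what the comment above asks for.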