0

I was sending the get request like this:

http:121.0.0.1:8000/userlogin/userName=test&password=12345#%

but accepted like this:

"GET /userlogin?username=admin&password=12345 HTTP/1.1" 403 2868

The # and % symbols were not received.

I cannot understand what happened here?

tomerpacific
  • 4,704
  • 13
  • 34
  • 52
marimuthu
  • 81
  • 2
  • 5
  • 1
    It’s a bad idea to use a GET request to log in - it means that the full URL including the username and password can be stored in logs. If possible, use Django’s login view instead of writing your own. – Alasdair Feb 25 '19 at 09:33

1 Answers1

0

URL parameters have certain allowed characters in them, as explained in this question: https://stackoverflow.com/a/1455639/1726625

I suggest editing your password settings, and allowing/disallowing those characters and/or changing the method that you're using to not passing them as a URL parameter.

Could you ellaborate on the case that you need that for?

elicohenator
  • 747
  • 6
  • 17