Overview

SASCOP BME SubTec uses Django’s authentication system to provide secure access to the platform. Users can log in with either their username or email address.

Logging In

1. Navigate to Login Page

Open your browser and navigate to the SASCOP BME SubTec login page at /accounts/login/

2. Enter Credentials

You can log in using either:
  • Your username
  • Your email address
Then enter your password.

3. Click Login

Click the “Iniciar Sesión” button to access the system.

The system automatically redirects authenticated users to the dashboard if they attempt to access the login page.

Authentication Flow

The authentication process is handled by the custom_login function:
operaciones/views/login.py
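# Assumption: the project uses Django's default User model.
from django.contrib.auth import authenticate, login
from django.contrib.auth.models import User
from django.shortcuts import redirect
from django.utils import timezone
from django.views.decorators.csrf import ensure_csrf_cookie


@ensure_csrf_cookie
def custom_login(request):
    """Login view that accepts a username or an email address."""
    if request.user.is_authenticated:
        return redirect('core:dashboard')

    if request.method == 'POST':
        username_or_email = request.POST.get('username')
        password = request.POST.get('password')

        # First try authenticating with username
        user = authenticate(request, username=username_or_email, password=password)

        # If that fails, try finding user by email
        if user is None:
            try:
                user_by_email = User.objects.get(email__iexact=username_or_email)
                user = authenticate(request, username=user_by_email.username, password=password)
            except (User.DoesNotExist, User.MultipleObjectsReturned):
                # Email is not unique on the default User model; an ambiguous
                # match is treated as a failed login instead of raising.
                user = None

        if user is not None:
            login(request, user)
            # Timestamp used later for the inactivity check
            request.session['last_activity'] = timezone.now().timestamp()
            return redirect('core:dashboard')

    # (excerpt) failed logins and GET requests are handled by code not shown here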

Session Management

Session Timeout

SASCOP implements automatic session timeout for security:

Session Configuration

  • Session Duration: 2 hours (7200 seconds)
  • Auto-Save: Sessions are saved on every request
  • Browser Close: Session persists after browser close
bme_subtec/settings.py
SESSION_COOKIE_AGE = 7200  # 2 hours
SESSION_SAVE_EVERY_REQUEST = True 
SESSION_EXPIRE_AT_BROWSER_CLOSE = False

Session Expiration

When your session expires due to inactivity:
  1. You’ll be redirected to the login page
  2. An error message will display: “La sesión ha expirado por inactividad”
  3. Simply re-enter your credentials to continue
Your session will expire after 2 hours of inactivity. Make sure to save your work regularly.
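
The inactivity check itself is not shown on this page. The code below is an added example, not SASCOP code: it applies the 2-hour idle limit to the last_activity key that custom_login writes, and goes one step further with an absolute lifetime, because SESSION_SAVE_EVERY_REQUEST = True renews the session on every request. The login_at key, the 12-hour cap and the function names are assumptions.

```python
import time

IDLE_TIMEOUT = 7200            # seconds; same value as SESSION_COOKIE_AGE above
ABSOLUTE_TIMEOUT = 12 * 3600   # assumption: hard cap chosen for this example


def check_session(session, now=None):
    """Classify a dict-like session and refresh it while it is still valid.

    Returns "active", "idle_expired" or "absolute_expired". An expired or
    malformed session is cleared, so the check fails closed.
    """
    now = time.time() if now is None else now
    last = session.get("last_activity")        # key written by custom_login
    started = session.get("login_at", last)    # hypothetical key set at login
    if not all(isinstance(v, (int, float)) for v in (last, started)):
        session.clear()                        # missing or non-numeric value
        return "idle_expired"
    if now - started > ABSOLUTE_TIMEOUT:
        session.clear()
        return "absolute_expired"
    if now < last or now - last > IDLE_TIMEOUT:
        session.clear()                        # too old, or stamped in the future
        return "idle_expired"
    session["last_activity"] = now             # sliding window: renew on each request
    return "active"


def replay(request_times, login_time=0.0):
    """Run check_session over constructed request times; stop at first expiry."""
    session = {"last_activity": login_time, "login_at": login_time}
    results = []
    for t in request_times:
        results.append(check_session(session, now=t))
        if results[-1] != "active":
            break
    return results


if __name__ == "__main__":
    # Constructed timeline: one request every 90 minutes after login at t=0.
    every_90_min = [k * 5400.0 for k in range(1, 12)]
    print(replay(every_90_min))    # the idle limit never trips; the hard cap does
    print(replay([3600.0, 3600.0 + 7201.0]))
```

In a Django middleware, any result other than "active" would be followed by logout(request) and a redirect to the login page.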

Logging Out

1. Access Logout

Click on your user profile menu in the top navigation bar

2. Click Logout

Select “Cerrar Sesión” from the dropdown menu

3. Confirmation

You’ll be redirected to the login page with a success message

Logout Implementation

operaciones/views/login.py
from django.contrib.auth.views import LogoutView


class CustomLogoutView(LogoutView):
    """Custom LogoutView that clears the session activity variable."""

    def dispatch(self, request, *args, **kwargs):
        # Drop the inactivity timestamp before the parent view logs the user out
        if 'last_activity' in request.session:
            del request.session['last_activity']

        request.session.save()
        return super().dispatch(request, *args, **kwargs)

Security Features

Password Validation

SASCOP enforces password requirements through Django’s four built-in validators, configured with their default options:

Similarity Check

Passwords cannot be too similar to your user information

Minimum Length

Passwords must meet minimum length requirements

Common Passwords

Common passwords are blocked

Numeric Only

Passwords cannot be entirely numeric
bme_subtec/settings.py
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

CSRF Protection

All forms include CSRF protection to prevent cross-site request forgery attacks.
The login view uses the @ensure_csrf_cookie decorator, which makes Django send the CSRF cookie with the login page response.

Troubleshooting

Login Issues

Error Message: “Usuario/email o contraseña incorrectos”
Solutions:
  • Verify you’re using the correct username or email
  • Check for typos in your password (passwords are case-sensitive)
  • Contact your system administrator to reset your password
Error Message: “La sesión ha expirado por inactividad”
Solutions:
  • This is normal after 2 hours of inactivity
  • Simply log in again with your credentials
  • Your work may have been auto-saved depending on the module
If your account has been deactivated:
  • Contact your system administrator
  • Provide your username or email for account reactivation

Best Practices

Use Strong Passwords

Create unique passwords with a mix of letters, numbers, and symbols

Log Out When Done

Always log out when using shared computers

Keep Session Active

Interact with the system regularly during long work sessions

Secure Your Device

Keep your computer and browser secure with the latest updates
