Session variable not getting updated during session in django

I’m new to web development and trying to create an auction website as a course project.
I’m trying to create a user-specific watchlist. It’s able to add a product to the watchlist but when I go to delete an item from the watchlist it doesn’t get deleted until I log out and log in again. Here is my code:

views.py:

def watchlist(request, item_id=None):
    if request.method == "POST":   
         for item in request.session["watchlist"]:
            if item["id"] == item_id:
                ind = request.session["watchlist"].index(item)
                modified = request.session["watchlist"][:ind] + 
                           request.session["watchlist"][ind + 1:]
                request.session["watchlist"] = modified
                break
    data = request.session["watchlist"]
    return render(request, "auctions/watchlist.html", {
        "data": data
    })

watchlist.html:

    {% block body %}
    {% if user.is_authenticated %}
        <h2>Watchlist</h2>
        <ol>
            {% for item in data %}
            <li>
                <div style="display: flex;">
                    <div>
                        <img src="{{ item.image_url }}" alt="No image">
                    </div>
                    <div>
                        <a href="{% url 'listing' item.id %}"><h4>{{ item.title }}</h4></a>
                    </div>
                    <div>
                        Current Price: {{ item.current_price }}
                    </div>
                    <div>
                        <form action="{% url 'watchlist_del' item.id %}" action="post">
                            <input type="submit" value="Delete">
                        </form>
                    </div>
                </div>
                <div style="border-bottom: 1px solid black;"></div>
            </li>
            {% empty %}
            <h1>No items in watchlist</h1>
            {% endfor %}
        </ol>
    {% endif %}
    {% endblock %}

I checked session data through Django-admin and found that even after deleting an item, its data was not deleted from request.session["watchlist"]. It only gets updated after I log in and log out again.

I was able to fix the issue by replacing the form in watchlist.html with an <a> tag.

watchlist.html:

<div>
    <a href="{% url 'watchlist_del' item.id %}">Delete from watchlist</a>
</div>

views.py

def watchlist(request, item_id=None):
    if item_id is not None:   
        for item in request.session["watchlist"]:
            if item["id"] == item_id:
                ind = request.session["watchlist"].index(item)
                modified = request.session["watchlist"][:ind] + request.session["watchlist"][ind + 1:]
                request.session["watchlist"] = modified
                break
    data = request.session["watchlist"]
    return render(request, "auctions/watchlist.html", {
        "data": data
    })

but I was still wondering why there was a problem. Was there a problem with the post request? Please clarify. Thanks.

>Solution :

Your form should specify post as method=… attribute ^[mdn-doc], not as action=… attribute ^[mdn-doc], and will requires a CSRF-token, so:

<form action="{% url 'watchlist_del' item.id %}" method="post">
    {% csrf_token %}
    <input type="submit" value="Delete">
</form>

Your view logic can be simplified with list comprehension:

def watchlist(request, item_id=None):
    if request.method == 'POST':
        request.session['watchlist'] = [
            item for item in request.session['watchlist'] if item['id'] != item_id
        ]
    data = request.session['watchlist']
    return render(request, 'auctions/watchlist.html', {'data': data})

Note: In case of a successful POST request, you should make a redirect
^[Django-doc]
to implement the Post/Redirect/Get pattern ^[wiki].
This avoids that you make the same POST request when the user refreshes the
browser.