django login_required decorator, always redirect to login page, even after logging in

Question

code in views.py

def custom_login(request):
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)            
            return redirect('main')
        else:
            return redirect('login')
    else:
        user = AuthenticationForm()
        return render(request, 'index.html', {'form': user})

@login_required
def main(request):
    return render(request, 'main.html')

urls.py

urlpatters =[url(r'^$', views.custom_login, name='login'),
url(r'^main', views.main, name='main')]

in settings.py

INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',]

LOGIN_URL = 'login'
LOGIN_REDIRECT_URL = 'main'

If I don't put login_required decorator on main, I am able to redirect to main. but if I use login_required decorator, I am getting redirected back to login page after login with URL http://localhost:9000/sample_app/?next=/sample_app/main I am using python3 with django

UPDATE I had made a silly mistake, I had these settings enabled in my setting. SESSION_COOKIE_SECURE = True

CSRF_COOKIE_SECURE = True

Which was rejecting the normal http request. But it works using SSL

Answer 1

I had made a silly mistake, I had these settings enabled in my setting.

SESSION_COOKIE_SECURE = True

CSRF_COOKIE_SECURE = True

Which was rejecting the normal http request. Disabling it works in http. But it works using SSL