If multiple admins edit the same record, use lock_version. Rails will raise on conflicting updates, and you can show a friendly “this changed underneath you” message. It prevents subtle lost updates.

Sometimes the DOM updates but the browser tab title stays stale (e.g., unread count, active chat room). A neat Hotwire trick is a custom Turbo Stream action that sets document.title. The server emits a <turbo-stream action='set_title'> with a te

When caching lists, include inputs that change the list (filters, page, member permissions). A deterministic cache key function prevents subtle “wrong user saw wrong list” bugs.

Markdown is the sweet spot for user-generated content: expressive enough, but not a full HTML editor. The danger is letting raw HTML slip through. I use remark to parse markdown, then rehype to render HTML, and I disable raw HTML unless I have a sanit

Custom error pages improve user experience and brand consistency. I create templates named 404.html, 500.html, 403.html, and 400.html in the templates root. Django serves these automatically when DEBUG=False. For custom logic, I can override error han

The Django admin is powerful when customized. I set list_display for column layout, list_filter and search_fields for finding records. Using readonly_fields, I prevent editing certain fields. The fieldsets organize the form layout. For computed values

Turbo Frames can implement infinite scrolling without a JS router. I render the first page normally and append a “next page” frame at the bottom with loading: :lazy. When the user scrolls and the frame enters view, Turbo fetches the next page automati

A classic Turbo foot-gun is returning a full layout inside a frame, which results in nested <html> and weird styling. The simplest fix is layout -> { turbo_frame_request? ? false : 'application' } at the controller level. I use this when I ha

Custom template filters transform variables in templates. I decorate functions with @register.filter and optionally set is_safe=True for HTML output. Filters take one or two arguments. For formatting dates, numbers, or text, filters keep logic out of

GraphQL endpoints can be abused with huge queries that are expensive to parse and execute. Persisted queries let clients send a hash (e.g. sha256:...) instead of the full query, and the server only executes queries it recognizes. This reduces payload

When a session expires, Turbo can end up swapping a login page into a frame, which is confusing. A practical fix is to detect 401 responses on the client and trigger a full-page visit (Turbo.visit) to the login URL. This keeps the app consistent and a

Race conditions happen. The correct “find or create” in production uses a unique constraint and a retry on conflict, not a naive check-then-insert. Let the database serialize the race.