1. cookie
1.1 What is a cookie?
A cookie is a small piece of text information that is generated by the server and stored on the browser side.
The characteristics of cookies:
1) Cookies are stored as key-value pairs.
2) When accessing a website through a browser, all cookie information related to the website stored in the browser will be sent to the server of the website.
3) Cookies are scoped by domain name for security.
4) The cookie has an expiration time. If not specified, the cookie will expire after closing the browser by default.
1.2 The role of cookies
The HTTP protocol is stateless: each request is independent, and its execution and results have nothing to do with previous or subsequent requests. Cookies exist to meet the need for state across HTTP requests.
1.3 Use of cookies in Django
Example of setting cookies
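```python
from django.http import HttpResponse


def cookie_set(request):
    # Build the response first, then attach the cookie to it.
    response = HttpResponse("<h1>设置Cookie</h1>")
    response.set_cookie('your_cookie', '你好')
    return response
```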
Commonly used:
rep.set_cookie(key,value,...)
rep.set_signed_cookie(key,value,salt='加密字符串', max_age=None, ...)
Example of getting cookies :
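```python
from django.http import HttpResponse


def cookie_get(request):
    # A view must always return a response, even when the cookie is absent.
    if 'your_cookie' in request.COOKIES:
        return HttpResponse("获取Cookie")
    return HttpResponse("your_cookie is not set")
```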
Commonly used:
request.COOKIES['key']
request.get_signed_cookie(key, default=RAISE_ERROR, salt='', max_age=None)
To sum up:
method | description |
---|---|
rep.set_cookie(key,value,…) | Set cookie |
rep.set_signed_cookie(key, value, salt='encrypted string', max_age=None, …) | Set a salted (signed) cookie. Parameters: 1) key: the key 2) value='': the value 3) max_age=None: timeout 4) expires=None: timeout (IE requires expires, so set it if it hasn't been already) 5) path='/': the path where the cookie is valid; / means the root path, and a root-path cookie can be accessed by any URL page 6) domain=None: the domain name where the cookie is valid 7) secure=False: HTTPS transmission 8) httponly=False: the cookie can only be transmitted by the HTTP protocol and cannot be obtained by JavaScript (not absolute: it can still be obtained by underlying packet capture, or be overwritten) |
request.COOKIES['key'] | Ordinary cookie acquisition |
request.get_signed_cookie(key, default=RAISE_ERROR, salt='', max_age=None) | Salted (signed) cookie acquisition. Parameters: 1) default: the default value 2) salt: the salt the cookie was signed with 3) max_age: expiration time enforced on the server side |
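
The following is an added example, not code from the original page and not Django's own implementation or cookie format: a simplified standard-library model of a salted, signed cookie. It shows that the value stays readable (signing is not encryption), that a modified value, a wrong salt or a wrong key is rejected, and how `max_age` and `default` behave. `sign_cookie`, `get_signed` and the demo `SECRET_KEY` are hypothetical names.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-secret"  # assumption: stands in for settings.SECRET_KEY
RAISE_ERROR = object()


class BadSignature(Exception):
    pass


def _mac(key, salt, payload):
    # Cookie name and salt are mixed into the HMAC key, so a signature made
    # for one cookie/salt pair never validates for another.
    derived = hashlib.sha256(f"{key}|{salt}|".encode() + SECRET_KEY).digest()
    tag = hmac.new(derived, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode().rstrip("=")


def sign_cookie(key, value, salt="", now=None):
    # Result is "value:timestamp:signature"; the value itself stays readable.
    payload = f"{value}:{int(time.time() if now is None else now)}"
    return f"{payload}:{_mac(key, salt, payload)}"


def get_signed(key, cookie, default=RAISE_ERROR, salt="", max_age=None, now=None):
    try:
        payload, sig = cookie.rsplit(":", 1)
        issued = int(payload.rsplit(":", 1)[1])
        # Constant-time comparison of the presented and recomputed signatures.
        if not hmac.compare_digest(sig.encode(), _mac(key, salt, payload).encode()):
            raise BadSignature("signature mismatch")
        age = (time.time() if now is None else now) - issued
        if max_age is not None and age > max_age:
            raise BadSignature("signature expired")
        return payload.rsplit(":", 1)[0]
    except (ValueError, IndexError, BadSignature) as exc:
        if default is RAISE_ERROR:
            raise BadSignature(str(exc)) from exc
        return default


if __name__ == "__main__":
    cookie = sign_cookie("level", "user", salt="profile", now=1_700_000_000)
    print(cookie)  # the value "user" is visible in clear text
    forged = cookie.replace("user", "admin", 1)
    print(get_signed("level", forged, default=None, salt="profile"))
```

Because the value is only signed, anything that must stay hidden from the client belongs in the server-side session rather than in a signed cookie.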
2. session
Sensitive and important information, such as user name, balance, level and verification code, should be stored on the server side rather than in the browser. This is what the session is for.
The session saves the important information on the server and returns a random string to the client, which is stored in a cookie.
Features of session:
- Sessions are stored as key-value pairs.
- Sessions depend on cookies: the unique identification code is stored in the sessionid cookie.
- A session also has an expiration time. If not specified, it expires after two weeks by default.
2.1 Common methods of Django Session
use | method |
---|---|
Obtain | 1) request.session['k1'] 2) request.session.get('k1', None) |
Set up | 1) request.session['k1'] = "abc" 2) request.session.setdefault('k1', "abc") |
Delete session data | del request.session['k1'] |
Commonly used methods for keys, values and key-value pairs | 1) request.session.keys() 2) request.session.values() 3) request.session.items() 4) request.session.iterkeys() 5) request.session.itervalues() 6) request.session.iteritems() |
Session key | request.session.session_key |
Delete all sessions whose expiration date is earlier than the current date | request.session.clear_expired() |
Check whether the session key exists in the database | request.session.exists("session_key") |
Delete all Session data of the current session | request.session.delete() |
Delete the current session data and delete the session cookies. | request.session.flush() |
Set the timeout of Session and Cookie | request.session.set_expiry(value) If value is an integer, the session expires after that many seconds. If value is a datetime or timedelta, the session expires at that time. If value is 0, the session expires when the user closes the browser. If value is None, the session falls back to the global session expiry policy. |