Native Django [project]: session and cookies usage

1. Overview

Cookies: Generally, when a user logs in successfully, some user information is returned to the browser along with the response. The browser then sets aside storage space according to the IP address and stores the user data there. Because cookie data is stored in the browser, it must not contain sensitive user data.

Session: First of all, the session depends on cookies. The session_id generated by the system is sent to the browser along with the response and stored there. The session_id stored in the browser is a random string that works like a key. The real user data is stored in the backend system; Django stores it in a database table by default. The corresponding user data is looked up in that table using the session_id key from the cookies.

2. The use of cookies and sessions

Using cookies:

from django.contrib.auth.hashers import make_password, check_password
from django.http import HttpResponse, JsonResponse
from django.views import View
from . import models  # assumed: the app's models module that defines Usermodel

class LoginView(View):
    def post(self, request):
        user = request.POST.get('username')
        password = request.POST.get('password')
        user_obj = models.Usermodel.objects.filter(user=user).first()
        if user_obj:
            # compare the submitted password with the stored hash
            is_true = check_password(password, user_obj.password)
            if is_true:
                response = JsonResponse({'code': 200, 'msg': '登录成功'})
                # set cookies (sent to and stored in the browser)
                response.set_cookie('name', user)
                # a non-string value is stored as its str() form
                response.set_cookie('hobby', ['惨', '跳', 'rap'])
                # set the session
                request.session['user'] = user
                return response
            else:
                return JsonResponse({'code': 404, 'msg': '密码错误'})
        else:
            return JsonResponse({'code': 404, 'msg': '用户不存在'})

def home(request):
    # read cookies from the request: Django takes the user data stored
    # in the browser and puts it on request.COOKIES
    name = request.COOKIES.get('name')
    hobby = request.COOKIES.get('hobby')
    return HttpResponse('ok')

Using the session:

from django.contrib.auth.hashers import make_password, check_password
from django.http import HttpResponse, JsonResponse
from django.views import View
from . import models  # assumed: the app's models module that defines Usermodel

class LoginView(View):
    def post(self, request):
        user = request.POST.get('username')
        password = request.POST.get('password')
        user_obj = models.Usermodel.objects.filter(user=user).first()
        if user_obj:
            is_true = check_password(password, user_obj.password)
            if is_true:
                response = JsonResponse({'code': 200, 'msg': '登录成功'})
                # set cookies
                response.set_cookie('name', user)
                response.set_cookie('hobby', ['惨', '跳', 'rap'])
                # set the session; the session middleware generates the
                # session_id and writes it into the response
                request.session['user'] = user  # the session data is saved to the database
                return response
            else:
                return JsonResponse({'code': 404, 'msg': '密码错误'})
        else:
            return JsonResponse({'code': 404, 'msg': '用户不存在'})


def home(request):
    # read the session from the request
    user = request.session.get('user')
    obj = models.Usermodel.objects.filter(user=user).first()
    if obj:
        name = obj.name
        age = obj.age
    name = request.COOKIES.get('name')
    hobby = request.COOKIES.get('hobby')
    return HttpResponse('ok')

3. Source code analysis of session middleware

The session is stored in the backend, but the key session_id is needed to retrieve the corresponding data.

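from django.conf import settings
from django.utils.deprecation import MiddlewareMixin

class SessionMiddleware(MiddlewareMixin):
    # Abridged: self.SessionStore is set in __init__ (not shown here)
    # from the backend named by settings.SESSION_ENGINE.

    def process_request(self, request):
        # Runs before the request reaches URL routing.
        # Take the session_id out of the cookies in the request,
        # and use this session_id key to fetch the corresponding session data.
        session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME)
        request.session = self.SessionStore(session_key)
        # The session data is stored on request.session,
        # which is why view functions can read user information from request.session.

    def process_response(self, request, response):
        # Runs after the view function has returned its response.
        # This is where the session_id is generated; one session_id corresponds to one database record.
        # The session_id is written to the cookies and finally stored in the browser.
        return response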
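
The flow described in the middleware comments above, modelled with only the Python standard library as an added example (not Django's source and not code from the original post). `STORE`, `login_flow` and the `rotate` flag are hypothetical names; the example goes one step beyond the post by refusing session ids the backend never issued, issuing a fresh id at login (what `django.contrib.auth.login()` does through `cycle_key()`), and setting the HttpOnly, Secure and SameSite cookie attributes.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE_NAME = "sessionid"  # Django's default for settings.SESSION_COOKIE_NAME
STORE = {}  # hypothetical stand-in for the backend session table


def process_request(cookie_header):
    """Return (session_key, session_data) for an incoming Cookie header."""
    morsel = SimpleCookie(cookie_header).get(SESSION_COOKIE_NAME)
    key = morsel.value if morsel is not None else None
    if key not in STORE:  # missing, unknown or client-invented id: do not adopt it
        return None, {}
    return key, dict(STORE[key])


def process_response(session_key, session_data, rotate=False):
    """Persist the session; return (session_key, Set-Cookie value or None)."""
    if not session_data:
        return session_key, None  # empty session: nothing to store or send
    if rotate and session_key in STORE:
        del STORE[session_key]  # the pre-login id stops working
        session_key = None
    if session_key is None:
        session_key = secrets.token_urlsafe(24)  # random key, carries no user data
    STORE[session_key] = dict(session_data)
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE_NAME] = session_key
    for attr, value in (("httponly", True), ("secure", True),
                        ("samesite", "Lax"), ("path", "/")):
        cookie[SESSION_COOKIE_NAME][attr] = value
    return session_key, cookie[SESSION_COOKIE_NAME].OutputString()


def login_flow(cookie_header, user):
    """One login request: load the session, record the user, rotate the id."""
    key, data = process_request(cookie_header)
    data["user"] = user
    return process_response(key, data, rotate=True)


if __name__ == "__main__":
    # Constructed sample: an anonymous visitor who then logs in.
    anon_key, _ = process_response(None, {"cart": [1]})
    new_key, header = login_flow(f"{SESSION_COOKIE_NAME}={anon_key}", "alice@example.test")
    print(anon_key != new_key, header)
```

Only the random key travels in the `Set-Cookie` header; the user name stays in `STORE`, which is the property the overview relies on when it says cookies must not hold sensitive data.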

Origin blog.csdn.net/weixin_46371752/article/details/129232097