If you want to use a normal session in django project then you need to configure your django
1. Configuration Items session parameters
Add configuration items session in settings.py file project
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
SESSION_COOKIE_NAME = "sessionid"
SESSION_COOKIE_PATH = "/"
SESSION_COOKIE_DOMAIN = None
SESSION_COOKIE_SECURE = False
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_AGE = 43200
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
SESSION_SAVE_EVERY_REQUEST = False
- SESSION_ENGINE = 'django.contrib.sessions.backends.db' # 指定session引擎
- SESSION_COOKIE_NAME = "sessionid" # session stored in the browser name
- SESSION_COOKIE_PATH = "/" site path # session application, the default for the whole station
- SESSION_COOKIE_DOMAIN = None # session application site domain name
- SESSION_COOKIE_SECURE = False # session whether to allow only stored in https
- SESSION_COOKIE_HTTPONLY = True # is set to True js can not get to the content, which can effectively prevent XSS ***
- SESSION_COOKIE_AGE = 43200 # session lifetime
- SESSION_EXPIRE_AT_BROWSER_CLOSE = True # whether to clear session when the browser is closed
- SESSION_SAVE_EVERY_REQUEST = False # When a request comes in to save the session again
2. Use the app in session
class Login(View):
def post(self, request):
name = request.POST.get('name')
password = request.POST.get('password')
if name == 'admin' and password == 'admin':
# 设置session
request.session['userinfo'] = name
def get(self, request):
flag = request.GET.get('logout')
if flag == 'true':
sessionKey = request.session.session_key # 获取session在cookie中存储的key
if sessionKey:
request.session.delete(sessionKey) # 删除当前session
session can only store the dictionary