转 Cookie、Session

https://www.cnblogs.com/liwenzhou/p/8343243.html

 

The origin of Cookie

We all know that HTTP protocol is stateless.

Stateless means each request is independent, its execution and results of previous requests and subsequent requests are not directly related, it is not limited by the foregoing request directly affect the response, it does not directly affect the back request response situation.

An interesting word to describe the life is only as strike, for the server, each request is new.

State data can be understood as a client and server created in a given session, and that no state to think that these data will not be retained. Session data generated is we need to be saved, that is to "hold." So Cookie is born under such a scenario.

What is a Cookie

Cookie specifically referring to was a little information, it is the server sends out a bundle of keys stored on the browser's right, next time you access the server browser will automatically carry these key-value pairs for the server to extract useful information.

Cookie principles

Works cookie is: generated content from the server, the browser receives the request saved locally; when the browser visits, the browser will automatically bring the Cookie, so the server can be judged by the content of this Cookie "who "a.

View Cookie

We use the Chrome browser, open the developer tools.

Django operating Cookie

Get Cookie

request.COOKIES['key']
request.get_signed_cookie(key, default=RAISE_ERROR, salt='', max_age=None)

parameter:

  • default: default value
  • salt: Salt Encryption
  • max_age: background control expiration

Cookie settings

rep = HttpResponse(...)
rep = render(request, ...)

rep.set_cookie(key,value,...)
rep.set_signed_cookie(key,value,salt='加密盐', max_age=None, ...)

parameter:

  • key, key
  • value = '', the value of
  • max_age = None, timeout
  • expires=None, 超时时间(IE requires expires, so set it if hasn't been already.)
  • path = '/', which entered into force Cookie path, / represents the root path, special: cookie root path can be accessed any url of the page
  • The domain domain = None, Cookie into force
  • secure = False, https transmission
  • httponly = False only http protocol transport, can not be acquired JavaScript (not absolute, can get to the bottom of capture may be covered)

Delete Cookie

Zimbabwe Logout DEF (Request): 
    REP = redirect ( "/ the Login /") 
    rep.delete_cookie ( "the User") # delete usercookie values previously set on the user's browser to 
    return rep

Cookie version landing check

  cookie Login

Session

Session derived

Although Cookie solved to a certain extent, a "hold" requirements, but due to the 4096 byte maximum support itself Cookie, Cookie and stored in the client itself, may be intercepted or stolen, and therefore there is a need for something new, it support more bytes, and he saved on the server, there is high security. This is the Session.

The question is, based on the characteristics of the stateless HTTP protocol, the server does not know the visitor "who." Then the aforementioned Cookie will play the role of bridge.

We can give each client Cookie assigned a unique id, so that users access by Cookie, the server knows to the people "who." Then we id different based on Cookie's, private information stored on the server for some time, such as "account password" and so on.

In conclusion: Cookie up for the lack HTTP stateless, let the server know to the people "who"; however Cookie in the form of text stored locally, their security is poor; so we can identify the user through different Cookie, corresponding saving private information and text than 4096 bytes in the Session.

Further, the above-mentioned fact, Cookie and Session commonality things, not limited to the language and the frame.

Django related methods in Session

Copy the code
# Get, set, delete data in the Session 
makes request.session [ 'K1'] 
request.session.get ( 'K1', None) 
makes request.session [ 'K1'] = 123 
request.session.setdefault ( 'K1', 123 ) # is not set exists 
del makes request.session [ 'K1'] 


# all the keys, the key-value pair 
request.session.keys () 
request.session.values () 
request.session.items () 
request.session.iterkeys () 
request.session.itervalues () 
request.session.iteritems () 

# session session of Key 
request.session.session_key 

# All session expiration date less than the current date data deletion 
request.session.clear_expired () 

# check session session of key exists in the database 
request.session.exists ( "session_key") 

# delete all data in the current session session 
request.session.delete ()
  
# Delete the current session data and delete the Cookie session. 
request.session.flush () 
    This is used to ensure that the previous session data can not be accessed again the user's browser, 
    for example, django.contrib.auth.logout () function is called it. 

# Set the Session and Cookie timeout 
request.session.set_expiry (value) 
    * If the value is an integer, session will expire after some number of seconds. 
    * If the value is datatime or timedelta, session will expire after this time. 
    * If the value is 0, the user closes the browser session will fail. 
    * If the value is None, session will depend on the global session expiration policy.
Copy the code

Session flow analysis

Session version login authentication

Copy the code
from functools import wraps


def check_login(func):
    @wraps(func)
    def inner(request, *args, **kwargs):
        next_url = request.get_full_path()
        if request.session.get("user"):
            return func(request, *args, **kwargs)
        else:
            return redirect("/login/?next={}".format(next_url))
    return inner


def login(request):
    if request.method == "POST":
        user = request.POST.get("user")
        pwd = request.POST.get("pwd")

        if user == "alex" and pwd == "alex1234":
            # 设置session
            request.session["user"] = user
            # 获取跳到登陆页面之前的URL
            next_url = request.GET.get("next")
            # 如果有,就跳转回登陆之前的URL
            if next_url:
                return redirect(next_url)
            # 否则默认跳转到index页面
            else:
                return redirect("/index/")
    return render(request, "login.html")


@check_login
def logout(request):
    # 删除所有当前请求相关的session
    request.session.delete()
    return redirect("/login/")


@check_login
def index(request):
    current_user = request.session.get("user", None)
    return render(request, "index.html", {"user": current_user})
Copy the code

Django中的Session配置

Django中默认支持Session,其内部提供了5种类型的Session供开发者使用。

Copy the code
1. 数据库Session
SESSION_ENGINE = 'django.contrib.sessions.backends.db'   # 引擎(默认)

2. 缓存Session
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'  # 引擎
SESSION_CACHE_ALIAS = 'default'                            # 使用的缓存别名(默认内存缓存,也可以是memcache),此处别名依赖缓存的设置

3. 文件Session
SESSION_ENGINE = 'django.contrib.sessions.backends.file'    # 引擎
SESSION_FILE_PATH = None                                    # 缓存文件路径,如果为None,则使用tempfile模块获取一个临时地址tempfile.gettempdir() 

4. 缓存+数据库
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'        # 引擎

5. 加密Cookie Session
SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'   # 引擎

其他公用设置项:
SESSION_COOKIE_NAME = "sessionid"                       # Session的cookie保存在浏览器上时的key,即:sessionid=随机字符串(默认)
SESSION_COOKIE_PATH = "/"                               # Session的cookie保存的路径(默认)
SESSION_COOKIE_DOMAIN = None                             # Session的cookie保存的域名(默认)
SESSION_COOKIE_SECURE = False                            # 是否Https传输cookie(默认)
SESSION_COOKIE_HTTPONLY = True                           # 是否Session的cookie只支持http传输(默认)
SESSION_COOKIE_AGE = 1209600                             # Session的cookie失效日期(2周)(默认)
SESSION_EXPIRE_AT_BROWSER_CLOSE = False                  # 是否关闭浏览器使得Session过期(默认)
SESSION_SAVE_EVERY_REQUEST = False                       # 是否每次请求都保存Session,默认修改之后才保存(默认)
Copy the code

CBV中加装饰器相关

CBV实现的登录视图

Copy the code
class LoginView(View):

    def get(self, request):
        """
        处理GET请求
        """
        return render(request, 'login.html')

    def post(self, request):
        """
        处理POST请求 
        """
        user = request.POST.get('user')
        pwd = request.POST.get('pwd')
        if user == 'alex' and pwd == "alex1234":
            next_url = request.GET.get("next")
            # 生成随机字符串
            # 写浏览器cookie -> session_id: 随机字符串
            # 写到服务端session:
            # {
            #     "随机字符串": {'user':'alex'}
            # }
            request.session['user'] = user
            if next_url:
                return redirect(next_url)
            else:
                return redirect('/index/')
        return render(request, 'login.html')
Copy the code

要在CBV视图中使用我们上面的check_login装饰器,有以下三种方式:

from django.utils.decorators import method_decorator

1. 加在CBV视图的get或post方法上

Copy the code
from django.utils.decorators import method_decorator


class HomeView(View):

    def dispatch(self, request, *args, **kwargs):
        return super(HomeView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return render(request, "home.html")
    
    @method_decorator(check_login)
    def post(self, request):
        print("Home View POST method...")
        return redirect("/index/")
Copy the code

2. 加在dispatch方法上

Copy the code
from django.utils.decorators import method_decorator


class HomeView(View):

    @method_decorator(check_login)
    def dispatch(self, request, *args, **kwargs):
        return super(HomeView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return render(request, "home.html")

    def post(self, request):
        print("Home View POST method...")
        return redirect("/index/")
Copy the code

因为CBV中首先执行的就是dispatch方法,所以这么写相当于给get和post方法都加上了登录校验。

3. 直接加在视图类上,但method_decorator必须传 name 关键字参数

如果get方法和post方法都需要登录校验的话就写两个装饰器。

Copy the code
from django.utils.decorators import method_decorator

@method_decorator(check_login, name="get")
@method_decorator(check_login, name="post")
class HomeView(View):

    def dispatch(self, request, *args, **kwargs):
        return super(HomeView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return render(request, "home.html")

    def post(self, request):
        print("Home View POST method...")
        return redirect("/index/")
Copy the code

补充

CSRF Token相关装饰器在CBV只能加到dispatch方法上,或者加在视图类上然后name参数指定为dispatch方法。

备注:

  • csrf_protect,为当前函数强制设置防跨站请求伪造功能,即便settings中没有设置全局中间件。
  • csrf_exempt,取消当前函数防跨站请求伪造功能,即便settings中设置了全局中间件。
Copy the code
from django.views.decorators.csrf import csrf_exempt, csrf_protect
from django.utils.decorators import method_decorator


class HomeView(View):

    @method_decorator(csrf_exempt)
    def dispatch(self, request, *args, **kwargs):
        return super(HomeView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return render(request, "home.html")

    def post(self, request):
        print("Home View POST method...")
        return redirect("/index/")
Copy the code

或者

Copy the code
from django.views.decorators.csrf import csrf_exempt, csrf_protect
from django.utils.decorators import method_decorator


@method_decorator(csrf_exempt, name='dispatch')
class HomeView(View):
   
    def dispatch(self, request, *args, **kwargs):
        return super(HomeView, self).dispatch(request, *args, **kwargs)

    def get(self, request):
        return render(request, "home.html")

    def post(self, request):
        print("Home View POST method...")
        return redirect("/index/")
Copy the code

分页

当数据库中数据有很多,我们通常会在前端页面做分页展示。

分页的数据可以在前端页面实现,也可以在后端实现分页。

后端实现分页的原理就是每次只请求一页数据。

准备工作

我们使用脚本批量创建一些测试数据(将下面的代码保存到bulk_create.py文件中放到Django项目的根目录,直接执行即可。):

Copy the code
import os

if __name__ == "__main__":
    os.environ.setdefault("DJANGO_SETTINGS_MODULE", "about_orm.settings")

    import django
    django.setup()

    from app01 import models
    bulk_obj = (models.Publisher(name='沙河第{}出版社'.format(i)) for i in range(300))
    models.Publisher.objects.bulk_create(bulk_obj)
Copy the code

自定义分页

Copy the code
def publisher_list(request):
    # 从URL中取当前访问的页码数
    try:
        current_page = int(request.GET.get('page'))
    except Exception as e:
        # 取不到或者页码数不是数字都默认展示第1页
        current_page = 1
    # 总数据量
    total_count = models.Publisher.objects.count()
    # 定义每页显示多少条数据
    per_page = 10
    # 计算出总页码数
    total_page, more = divmod(total_count, per_page)
    if more:
        total_page += 1
    # 定义页面上最多显示多少页码(为了左右对称,一般设为奇数)
    max_show = 11
    half_show = max_show // 2
    # 计算一下页面显示的页码范围
    if total_page <= max_show:  # 总页码数小于最大显示页码数
        page_start = 1
        page_end = total_page
    elif current_page + half_show >= total_page:  # 右边越界
        page_end = total_page
        page_start = total_page - max_show
    elif current_page - half_show <= 1:  # 左边越界
        page_start = 1
        page_end = max_show
    else:  # 正常页码区间
        page_start = current_page - half_show
        page_end = current_page + half_show
    # 数据索引起始位置
    data_start = (current_page-1) * per_page
    data_end = current_page * per_page

    publisher_list = models.Publisher.objects.all()[data_start:data_end]

    # 生成页面上显示的页码
    page_html_list = []
    page_html_list.append('<nav aria-label="Page navigation"><ul class="pagination">')
    # 加首页
    first_li = '<li><a href="/publisher_list/?page=1">首页</a></li>'
    page_html_list.append(first_li)
    # 加上一页
    if current_page == 1:
        prev_li = '<li><a href="#"><span aria-hidden="true">&laquo;</span></a></li>'
    else:
        prev_li = '<li><a href="/publisher_list/?page={}"><span aria-hidden="true">&laquo;</span></a></li>'.format(current_page - 1)
    page_html_list.append(prev_li)
    for i in range(page_start, page_end + 1):
        if i == current_page:
            li_tag = '<li class="active"><a href="/publisher_list/?page={0}">{0}</a></li>'.format(i)
        else:
            li_tag = '<li><a href="/publisher_list/?page={0}">{0}</a></li>'.format(i)
        page_html_list.append(li_tag)
    # 加下一页
    if current_page == total_page:
        next_li = '<li><a href="#"><span aria-hidden="true">&raquo;</span></a></li>'
    else:
        next_li = '<li><a href="/publisher_list/?page={}"><span aria-hidden="true">&raquo;</span></a></li>'.format(current_page + 1)
    page_html_list.append(next_li)
    # 加尾页
    page_end_li = '<li><a href="/publisher_list/?page={}">尾页</a></li>'.format(total_page)
    page_html_list.append(page_end_li)
    page_html_list.append('</ul></nav>')
    page_html = "".join(page_html_list)
    return render(request, "publisher_list.html", {"publisher_list": publisher_list, "page_html": page_html})
Copy the code
Copy the code
class Pagination(object):
    """自定义分页(Bootstrap版)"""
    def __init__(self, current_page, total_count, base_url, per_page=10, max_show=11):
        """
        :param current_page: 当前请求的页码
        :param total_count: 总数据量
        :param base_url: 请求的URL
        :param per_page: 每页显示的数据量,默认值为10
        :param max_show: 页面上最多显示多少个页码,默认值为11
        """
        try:
            self.current_page = int(current_page)
        except Exception as e:
            # 取不到或者页码数不是数字都默认展示第1页
            self.current_page = 1
        # 定义每页显示多少条数据
        self.per_page = per_page
        # 计算出总页码数
        total_page, more = divmod(total_count, per_page)
        if more:
            total_page += 1
        self.total_page = total_page
        # 定义页面上最多显示多少页码(为了左右对称,一般设为奇数)
        self.max_show = max_show
        self.half_show = max_show // 2
        self.base_url = base_url

    @property
    def start(self):
        return (self.current_page-1) * self.per_page

    @property
    def end(self):
        return self.current_page * self.per_page

    def page_html(self):
        # 计算一下页面显示的页码范围
        if self.total_page <= self.max_show:  # 总页码数小于最大显示页码数
            page_start = 1
            page_end = self.total_page
        elif self.current_page + self.half_show >= self.total_page:  # 右边越界
            page_end = self.total_page
            page_start = self.total_page - self.max_show
        elif self.current_page - self.half_show <= 1:  # 左边越界
            page_start = 1
            page_end = self.max_show
        else:  # 正常页码区间
            page_start = self.current_page - self.half_show
            page_end = self.current_page + self.half_show
        # 生成页面上显示的页码
        page_html_list = []
        page_html_list.append('<nav aria-label="Page navigation"><ul class="pagination">')
        # 加首页
        first_li = '<li><a href="{}?page=1">首页</a></li>'.format(self.base_url)
        page_html_list.append(first_li)
        # 加上一页
        if self.current_page == 1:
            prev_li = '<li><a href="#"><span aria-hidden="true">&laquo;</span></a></li>'
        else:
            prev_li = '<li><a href="{}?page={}"><span aria-hidden="true">&laquo;</span></a></li>'.format(
                self.base_url, self.current_page - 1)
        page_html_list.append(prev_li)
        for i in range(page_start, page_end + 1):
            if i == self.current_page:
                li_tag = '<li class="active"><a href="{0}?page={1}">{1}</a></li>'.format(self.base_url, i)
            else:
                li_tag = '<li><a href="{0}?page={1}">{1}</a></li>'.format(self.base_url, i)
            page_html_list.append(li_tag)
        # 加下一页
        if self.current_page == self.total_page:
            next_li = '<li><a href="#"><span aria-hidden="true">&raquo;</span></a></li>'
        else:
            next_li = '<li><a href="{}?page={}"><span aria-hidden="true">&raquo;</span></a></li>'.format(
                self.base_url, self.current_page + 1)
        page_html_list.append(next_li)
        # 加尾页
        page_end_li = '<li><a href="{}?page={}">尾页</a></li>'.format(self.base_url, self.total_page)
        page_html_list.append(page_end_li)
        page_html_list.append('</ul></nav>')
        return "".join(page_html_list)
Copy the code
Copy the code
def publisher_list(request):
    # 从URL中取当前访问的页码数
    current_page = int(request.GET.get('page'))
    # 比len(models.Publisher.objects.all())更高效
    total_count = models.Publisher.objects.count()
    page_obj = Pagination(current_page, total_count, request.path_info)
    data = models.Publisher.objects.all()[page_obj.start:page_obj.end]
    page_html = page_obj.page_html()
    return render(request, "publisher_list.html", {"publisher_list": data, "page_html": page_html})
Copy the code

Django内置分页

Copy the code
from django.shortcuts import render
from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger

L = []
for i in range(999):
    L.append(i)

def index(request):
    current_page = request.GET.get('p')

    paginator = Paginator(L, 10)
    # per_page: 每页显示条目数量
    # count:    数据总个数
    # num_pages:总页数
    # page_range:总页数的索引范围,如: (1,10),(1,200)
    # page:     page对象
    try:
        posts = paginator.page(current_page)
        # has_next              是否有下一页
        # next_page_number      下一页页码
        # has_previous          是否有上一页
        # previous_page_number  上一页页码
        # object_list           分页之后的数据列表
        # number                当前页
        # paginator             paginator对象
    except PageNotAnInteger:
        posts = paginator.page(1)
    except EmptyPage:
        posts = paginator.page(paginator.num_pages)
    return render(request, 'index.html', {'posts': posts})
Copy the code
Copy the code
<!DOCTYPE html>
<html>
<head lang="en">
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
<ul>
    {% for item in posts %}
        <li>{{ item }}</li>
    {% endfor %}
</ul>

<div class="pagination">
      <span class="step-links">
        {% if posts.has_previous %}
            <a href="?p={{ posts.previous_page_number }}">Previous</a>
        {% endif %}
          <span class="current">
            Page {{ posts.number }} of {{ posts.paginator.num_pages }}.
          </span>
          {% if posts.has_next %}
              <a href="?p={{ posts.next_page_number }}">Next</a>
          {% endif %}
      </span>

</div>
</body>
</html>
Copy the code

 

Guess you like

Origin www.cnblogs.com/saolv/p/10993570.html