Shortcut for clearing browser cookies: Ctrl + Shift + Delete. The cookies contain the CSRF authentication information.
Get Cookie
request.COOKIES['key']
request.COOKIES.get('key')
request.get_signed_cookie(key, default=RAISE_ERROR, salt='', max_age=None)  (signed cookie: the value is given a cryptographic signature)
Parameters:
default: the default value
salt: the cryptographic salt
max_age: expiry time, enforced on the server side
Set Cookie
rep = HttpResponse(...)
rep = render(request, ...)
rep = redirect(...)
rep.set_cookie(key, value, ...)
rep.set_signed_cookie(key, value, salt='encryption salt', max_age=None, ...)  (signed cookie)
return rep
Parameters:
key: the key
value='': the value
max_age=None: the timeout
expires=None: the expiry time (IE requires expires, so set it if it hasn't been already.)
path='/': the path on which the cookie takes effect; / is the root path. Special case: a cookie on the root path can be accessed by pages at any URL
domain=None: the domain on which the cookie takes effect
secure=False: HTTPS transmission
httponly=False: the cookie is transported over HTTP only and cannot be read by JavaScript (not absolute: a low-level packet capture can still obtain it, and it can also be overwritten)
Delete Cookie
def logout(request):
    rep = redirect("/login/")
    rep.delete_cookie("user")  # delete the usercookie value previously set in the user's browser
    return rep
set_cookie parameters
class HttpResponseBase:
    def set_cookie(self, key,  # the key
                   value='',  # the value
                   max_age=None,  # timeout / validity period: max_age=20 means the cookie is gone after 20 seconds; the default length is 2 weeks; the unit is seconds
                   # How long the cookie should last (in seconds).
                   # If the argument is None, the cookie lasts until the browser is closed.
                   expires=None,  # timeout: the value is a datetime object; the cookie expires at that date and time
                   # expires defaults to None; it is the actual date/time at which the cookie expires.
                   path='/',  # the path on which the cookie takes effect, i.e. the paths that receive the cookie; '/' means all paths receive it
                   # The browser only sends the cookie back to pages under this path, which avoids passing the cookie to other applications on the site.
                   # / is the root path. Special case: a cookie on the root path can be accessed by pages at any URL.
                   domain=None,  # the domain on which the cookie takes effect
                   # You can use this parameter to construct a cross-site cookie.
                   # For example, domain=".example.com"
                   # The resulting cookie is readable by all of these sites: www.example.com, www2.example.com and .other.sub.domain.example.com.
                   # If this parameter is set to None, the cookie can only be read by the site that set it.
                   secure=False,  # if set to True, the browser sends the cookie back over HTTPS
                   httponly=False  # HTTP transport only, cannot be read by JavaScript (not absolute: a low-level packet capture can still obtain it, and it can also be overwritten)
                   ): pass