Django Basics (4): Cookies and Sessions

I. Introduction

1) Cookies are not part of the HTTP protocol itself. HTTP is stateless and cannot keep state between requests, but in practice we need to keep state, and cookies were created for that purpose.

2) How a cookie works: the server generates the content, and the browser receives it in the response and saves it locally. On later visits the browser automatically sends the cookie along, so the server can tell from the cookie's content who the visitor is.

3) Cookies meet the need to keep state to some extent, but a cookie holds at most 4096 bytes and is stored on the client, where it may be intercepted or stolen. Something new is therefore needed that supports more bytes and is stored on the server, with higher security: the session. The problem is that, because HTTP is stateless, the server does not know who the visitor is. This is where the cookie acts as a bridge: we assign each client a cookie carrying a unique id, so that when the user visits with that cookie the server knows who it is. Based on that id, we then keep private information on the server for a period of time, such as "account password" and so on.

4) To sum up: cookies make up for HTTP's statelessness and let the server know who the visitor is, but cookies are stored locally as text, so their security is poor. We therefore use the cookie only to identify each user, and keep the corresponding private information, and any text over 4096 bytes, in the session.

5) Also, cookies and sessions as described above are general concepts, not limited to any one language or framework.

II. Authentication mechanism

Whenever we visit a login page with a browser and pass authentication, the server sends a unique random string (say 123abc) to the browser, which stores it; this is the cookie. The server in turn stores the user's current state, such as login = true and username = hahaha. This state is stored in a dictionary whose key is that user's unique cookie value. So if you looked at the session data on the server, in theory you would see a dictionary like {'123abc': {'login': true, 'username': 'hahaha'}}. Because each cookie is unique, switching to another browser on the same computer and visiting the same site requires logging in again. Why only "in theory"? For security reasons, not only is the key 123abc encrypted; the value {'login': true, 'username': 'hahaha'} is also encrypted on the server. So even if we open the session data on the server, what we see looks more like {'123abc': dasdasdasd1231231da1231231}.
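The mechanism described above, as an added standard-library Python example (not the original article's code and not Django's own implementation): a random session id goes to the browser in a hardened cookie, and the state stays in a server-side dictionary keyed by that id. Here the stored value is base64-encoded and HMAC-signed, which makes it opaque and tamper-evident rather than encrypted; the names SECRET_KEY, SESSION_TTL, STORE and the cookie name sessionid are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json, secrets, time
from http.cookies import SimpleCookie

SECRET_KEY = secrets.token_bytes(32)  # constructed per run; real apps load it from config
SESSION_TTL = 1800                    # assumed session lifetime in seconds
STORE = {}                            # server side: {session_id: signed blob}

def encode_session(data):
    """Serialize and sign the session dict so the stored value is tamper-evident."""
    payload = base64.urlsafe_b64encode(json.dumps(data).encode())
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()
    return payload + b":" + sig

def decode_session(blob):
    """Return the session dict, or None if the signature does not verify."""
    payload, _, sig = blob.rpartition(b":")
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))

def login(username, now=None):
    """Call after credentials are verified; returns the Set-Cookie header value."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)   # unguessable id, the '123abc' of the text
    STORE[sid] = encode_session(
        {"login": True, "username": username, "expires": now + SESSION_TTL})
    cookie = SimpleCookie()
    cookie["sessionid"] = sid
    # HttpOnly/Secure/SameSite limit theft of the id by script or over plain HTTP
    cookie["sessionid"].update({"httponly": True, "secure": True, "samesite": "Lax"})
    return cookie["sessionid"].OutputString()

def load_session(cookie_header, now=None):
    """Map the browser's Cookie header back to server-side state, or None."""
    now = time.time() if now is None else now
    morsel = SimpleCookie(cookie_header).get("sessionid")
    blob = STORE.get(morsel.value) if morsel is not None else None
    data = decode_session(blob) if blob else None
    if data is None or data["expires"] < now:
        if morsel is not None:
            STORE.pop(morsel.value, None)  # drop expired or tampered entries
        return None
    return data

def logout(cookie_header):  # delete the server-side entry so the old cookie stops working
    morsel = SimpleCookie(cookie_header).get("sessionid")
    if morsel is not None:
        STORE.pop(morsel.value, None)
```

A cookie value the server never issued, an expired entry, or a blob modified in the store all come back as None, so the view treats the request as not logged in.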


III. Code implementation

3.1 Create the HTML files

Create two HTML templates in the directory: login.html is the login page, and backend.html represents a back-end page.

Contents of login.html:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>login</title>
    <link rel="stylesheet" href="/static/plugins/bootstrap-3.3.5-dist/css/bootstrap.min.css">
</head>
<body>
    <div class="container">
        <form action="login.html" method="post">
            <div class="form-group">
                <label class="sr-only">username</label>
                <input type="text" class="form-control" name="username" placeholder="用户名"/>
            </div>
            <div class="form-group">
                <label class="sr-only">Password</label>
                <input type="password" class="form-control" name="passwd" placeholder="密码"/>
            </div>
            <div class="form-group">
                <input class="btn btn-primary" type="submit" value="Submit">
            </div>
        </form>
    </div>
<script type="application/javascript" src="/static/js/jquery-2.2.1.min.js"></script>
<script type="application/javascript" src="/static/plugins/bootstrap-3.3.5-dist/js/bootstrap.min.js"></script>
</body>
</html>

Contents of backend.html:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>backend</title>
    <link rel="stylesheet" href="/static/plugins/bootstrap-3.3.5-dist/css/bootstrap.min.css">
    <link rel="stylesheet" href="/static/css/commons.css">
</head>
<body>
<div class="container">
    <h2>cookie 内容是 {{ cookie_content }}</h2>
    <h2>session 内容是 {{ session_content }}</h2>
    <h2>登录用户名 :{{ username }}</h2>
    <a href="/logout/">注销</a>
</div>
<script type="application/javascript" src="/static/js/jquery-2.2.1.min.js"></script>
<script type="application/javascript" src="/static/plugins/bootstrap-3.3.5-dist/js/bootstrap.min.js"></script>
</body>
</html>

Origin www.cnblogs.com/hujinzhong/p/11584927.html