http protocol of the four characteristics
- TCP / IP based application layer protocol acting
- Based on a request response
- Stateless: repeatedly transmitting the same client request is not associated
- not connected
Session tracking technology
Record messages between multiple requests to make up for the shortcomings saved http stateless (so many requests linked),
- cookie
DETAILED browser stores a message for which a server for the key (key = value)
- The client - server
The client's first visit to the service side of a single function, such as login function, a request to start the client in advance with the empty dictionary is to visit after a successful visit, the server generates a cookie to the client, such as the following cookie:
Cookie: BAIDUID=F00480318ED42C27C35D3A2FBE2B0AD7:FG=1; BIDUPSID=F00480318ED42C27C35D3A2FBE2B0AD7; PSTM=1561713680; BD_UPN=123253; BDUSS=npyYVNyVEMwaldpTUxBV1BCUlhBfmVRTGZJclFlaENWQ0tDeGJyVFQ3a09rRnBkSVFBQUFBJCQAAAAAAAAAAAEAAABYUcuESmF2YV93aW5uZXIyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DM10OAzNdf; BD_HOME=1; H_PS_PSSID=26525_1453_21121_29522_29518_28518_29098_28838_29071When the client again to visit, the client took the flavor cookie to access, the server determined that the client accessed the function, no longer generate a cookie, directly to clients to access its functions
Once the cookie is generated, each visit will take, unless failure, cookie exists on disk
Different cookie access web services is different, different clients access the same web services are different cookie
session
Key stored on the server for
generating a random string of child server back to the client, the server to find a place to keep up with the information string corresponding to {children 'random string': 'sensitive information'}
The client for the first time riding a cow carrying cookie: {}
Setting server session: Request.session [ 'username'] = 'yuan' session is provided to achieve a 3-step
- Generating a random string 123ghrjsdg
- The set_cookie to set the browser in the response body, key is sessionid, the value is generated by the random string 123ghrjsdg
- Add django-session table records, session-key is a random string generated 123ghrjsdg, session-data is { 'username': 'yuan'}
客户端第二次请求携带的cookie: {sessionid=123ghrjsdg}到某一个视图函数(访问某个功能)
服务器中的视图函数取session request.session['username'] 实现了3步
- 客户端携带着cookie: {sessionid=123ghrjsdg}, 视图函数会先读取到cookie中的随机字符串 123ghrjsdg
- 然后视图函数会去django-session表中找到session-key为cookie中的随机字符串 123ghrjsdg的记录
- 然后从这条记录中找到{'username':'yuan'},从而取出值,如果视图函数是登入功能的话,就可以判定这个发请求来的客户端登录成功了,而且登录名字是yuan
没有cookie,session没有任何存在的意义,当我们在浏览器上禁用了cookie,我们就无法登陆京东或者淘宝,因为服务器并没有session,验证无法通过,就无法登入了,session的查看方式在console下的application下的cookies可以查看
设置cookie
cookie语法
响应体: HttpResponse() ,render(), redirect()
设置cookie必须用响应体设置 obj.set_cookie(key,value)
设置完cookie,可以在响应头中查看 request.COOKIE.get(key) / request.COOKIE[key]
cookie超时时间: max_age(ie不支持), expires(ie支持,支持时间对象)
如果不设置超时时间,cookie就远生效
有效路径(path): 针对哪些路径下的视图函数能取到设置的cookie
代码验证
models.py
from django.db import models
class Userinfo(models.Model):
user=models.CharField(max_length=32)
pwd=models.CharField(max_length=32)数据库测试数据
urls.py
from django.conf.urls import url
from django.contrib import admin
from app01 import views
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^login/', views.login),
url(r'^index/', views.index),
]views.py
from django.shortcuts import render, HttpResponse, redirect
# Create your views here.
from app01.models import Userinfo
def login(request):
if request.method == 'POST':
user = request.POST.get('user')
pwd = request.POST.get('pwd')
s_user = Userinfo.objects.filter(user=user, pwd=pwd).first()
print(s_user.user, s_user.pwd)
if s_user:
# 登录成功
response = HttpResponse('登录成功')
response.set_cookie('name', s_user.user)
response.set_cookie('pwd', s_user.pwd, path='/index/')
# 设置用户的上次访问时间
import datetime
now = datetime.datetime.now().strftime('%Y-%m-%d %X')
response.set_cookie('now', now)
return response
else:
# 登录失败
pass
return render(request, 'login.html')
def index(request):
print('index', request.COOKIES)
name = request.COOKIES.get('name')
now = request.COOKIES.get('now', "")
if name:
return render(request, 'index.html', locals())
return redirect('/login/')
def test(request):
print('test', request.COOKIES)
return HttpResponse('test')login.html
<body>
<form action="" method="post">
{% csrf_token %}
用户名 <input type="text" name="user">
密码 <input type="text" name="pwd">
<input type="submit" value="submit">
</form>
</body>index.html
<body>
<h1>hi {{ name }}</h1>
</body>当用户访问http://127.0.0.1:8000/login/,如果验证通过,则登录成功,成功返回设置的cookies,以及可以看到返回的消息
当浏览器输入网址http://127.0.0.1:8000/index/,可以查看到在login视图函数中设置的cookies
当浏览器输入网址http://127.0.0.1:8000/test/,不可以查看login函数中设置的pwd这个cookies
案例
urls.py
from django.conf.urls import url
from django.contrib import admin
from app01 import views
urlpatterns = [
url(r'^admin/', admin.site.urls),
url(r'^reg/', views.reg),
url(r'^login/', views.login),
url(r'^index/', views.index),
url(r'^home/', views.home),
url(r'^xxx/', views.xxx),
]views.py
from django.shortcuts import render, HttpResponse, redirect
# Create your views here.
def login(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
if username == 'lyysb' and password == '123':
old_path = request.GET.get('next')
if old_path:
obj = redirect(old_path)
else:
obj = redirect('/home/')
# 用户登录成功 朝浏览器设置一个cookie
obj.set_cookie('name', 'lyysb')
# 设置上次访问时间
import datetime
now = datetime.datetime.now().strftime('%Y-%m-%d %X')
obj.set_cookie('time', now)
return obj
return render(request, 'login.html')
from functools import wraps
def login_auth(func):
@wraps(func)
def inner(request, *args, **kwargs):
print(request.get_full_path())
old_path = request.get_full_path()
# 校验cookie
if request.COOKIES.get('name'):
return func(request, *args, **kwargs)
return redirect('/login/?next=%s' % old_path)
return inner
@login_auth
def index(request):
# print(request.COOKIES.get('name'))
# if request.COOKIES.get('name'):
last_time = request.COOKIES.get('time',"")
return render(request, 'index.html', {'last_time': last_time})
@login_auth
def home(request):
return HttpResponse('我是home页面,只有登陆了才能看')
@login_auth
def xxx(request):
return HttpResponse('我是xxx页面,只有登陆了才能看')login.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Title</title>
<script
src="http://code.jquery.com/jquery-3.4.1.js"
integrity="sha256-WpOohJOqMqqyKL9FccASB9O0KwACQJpFTUBLTYOVvVU="
crossorigin="anonymous"></script>
<!-- 最新版本的 Bootstrap 核心 CSS 文件 -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css"
integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
<script src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js"
integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa"
crossorigin="anonymous"></script>
</head>
<body>
<form action="" method="post">
<p>username<input type="text" name="username"></p>
<p>password<input type="text" name="password"></p>
<input type="submit">
</form>
</body>
</html>
index.html
<body>
<h1>index</h1>
<p>上次访问时间:{{ last_time }}</p>
</body>`
设置Session
session语法
- 设置Sessions值 request.session['session_name']='admin'
- 获取Session值 session_name=request.session['session_name']
- 删除Session值 del request.session['session_name']
- Flush () Delete the current session data and deletes the session Cookie is used to ensure that the previous session data can not be accessed by the user's browser again
Code verification
models.py
from django.db import models
class Userinfo(models.Model):
user=models.CharField(max_length=32)
pwd=models.CharField(max_length=32)
数据库测试数据
urls.py
from django.conf.urls import url
from django.contrib import admin
from app01 import views
urlpatterns = [
url(r'^login_session/', views.login_session),
url(r'^index_session/', views.index_session),
]
views.py
from django.shortcuts import render, HttpResponse, redirect
# Create your views here.
from app01.models import Userinfo
def login_session(request):
if request.method == 'POST':
user = request.POST.get('user')
pwd = request.POST.get('pwd')
user = Userinfo.objects.filter(user=user, pwd=pwd).first()
if user:
request.session['is_login'] = True
request.session['username'] = 'hppsb'
import datetime
now = datetime.datetime.now().strftime('%Y-%m-%d %X')
request.session['now'] = now
return HttpResponse('登录成功')
'''
1. 生成一个随机字符串 0ps4avkhy95v4hbh1f0bae4266zlsddd
2. response.set_cookie('sessionid',dfrtghhtyr)
3. 在django session 表中创建记录
session-key session-data
0ps4avkhy95v4hbh1f0bae4266zlsddd {'is_login':True,'username':'hhpsb'}
'''
return render(request, 'login.html')
def index_session(request):
is_login = request.session.get('is_login')
if is_login:
name = request.session.get('username')
now=request.session.get('now')
return render(request, 'index.html', locals())
return redirect('/login_session/')
login.html
<body>
<form action="" method="post">
{% csrf_token %}
用户名 <input type="text" name="user">
密码 <input type="text" name="pwd">
<input type="submit" value="submit">
</form>
</body>
index.html
<body>
<h1>hi {{ name }}</h1>
</body>
浏览访问http://127.0.0.1:8000/login_session/,验证通过后产生cookie
查看django_session表
浏览器访问http://127.0.0.1:8000/index_session/
Update session
Update operation, if a user visited a page, then a second visit will take this cookie sessionid field to access, session_key field in the database table django_session the same, if you add a new session data, session_data will change the database table
views.py
def index_session(request):
is_login = request.session.get('is_login')
if is_login:
name = request.session.get('username')
now=request.session.get('now')
request.session['xxx']='xxx' # 把这条数据加入session,session_data字段立马变化
return render(request, 'index.html', locals())
return redirect('/login_session/')
Based on the deregistration function of session
models.py
from django.db import models
class Userinfo(models.Model):
user=models.CharField(max_length=32)
pwd=models.CharField(max_length=32)
数据库测试数据
urls.py
from django.conf.urls import url
from django.contrib import admin
from app01 import views
urlpatterns = [
url(r'^login_session/', views.login_session),
url(r'^index_session/', views.index_session),
url(r'^logout/', views.logout),
]
views.py
def login_session(request):
if request.method == 'POST':
user = request.POST.get('user')
pwd = request.POST.get('pwd')
user = Userinfo.objects.filter(user=user, pwd=pwd).first()
if user:
request.session['is_login'] = True
request.session['username'] = 'hppsb'
import datetime
now = datetime.datetime.now().strftime('%Y-%m-%d %X')
request.session['now'] = now
return redirect('/index_session/')
'''
1. 生成一个随机字符串 0ps4avkhy95v4hbh1f0bae4266zlsddd
2. response.set_cookie('sessionid',dfrtghhtyr)
3. 在django session 表中创建记录
session-key session-data
0ps4avkhy95v4hbh1f0bae4266zlsddd {'is_login':True,'username':'hhpsb'}
'''
return render(request, 'login.html')
def index_session(request):
is_login = request.session.get('is_login')
if is_login:
name = request.session.get('username')
now=request.session.get('now')
return render(request, 'index.html', locals())
return redirect('/login_session/')
def logout(request):
request.session.flush()
'''
做的三步操作:
1. randon_str=request.COOKIE.get('sessionid')
2. django-session.objects.filter(session-key=randon_str).delete()
3. response.delete_cookie("sessionid",randon_str)
'''
return redirect('/login_session/')login.html
<body>
<form action="" method="post">
{% csrf_token %}
用户名 <input type="text" name="user">
密码 <input type="text" name="pwd">
<input type="submit" value="submit">
</form>
</body>
index.html
<body>
<h1>hi {{ name }}</h1>
</body>
浏览器访问http://127.0.0.1:8000/index_session/ 按注销跳转到登录页面
session configuration parameters
配置settings.py
SESSION_ENGINE = 'django.contrib.sessions.backends.db' # 引擎(默认)
SESSION_COOKIE_NAME = "sessionid" # Session的cookie保存在浏览器上时的key, 即: sessionid=随机字符串(默认)
SESSION_COOKIE_PATH = "/" # Session的cookie保存的路径(默认)
SESSION_COOKIE_DOMAIN = None # Session的cookie保存的域名(默认)
SESSION_COOKIE_SECURE = False # 是否Https传输Cookie(默认)
SESSION_COOKIE_HTTPONLY = True # 是否Session的Cookie只支持http传输(默认)
SESSION_COOKIE_AGE = 1209600 # Session的Cookie失效日期(默认)
SESSION_EXPIRE_AT_BROWSER_CLOSE = False # 是否关闭浏览器使得Session过期(默认)
SESSION_SAVE_EVERY_REQUEST = False # 是否每次请求都保存Session, 默认修改后才保存(默认)