html session

Because an HTML cookie is stored on the client, in plaintext, it is not secure. The other mechanism for passing data between HTML pages is the session.

 

Modify blog/views.py

[root@host-100-100-5-17 alu02]# cat blog/views.py
from django import forms
from django.http import HttpResponse
from django.shortcuts import render_to_response
from models import User
from django.http.response import HttpResponseRedirect

class UserForm(forms.Form):
    username = forms.CharField()
    password = forms.CharField(widget = forms.PasswordInput)
    
def register(req):
    if req.method == 'POST':
        form = UserForm(req.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
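            # The password is stored exactly as submitted (plaintext);
            # django.contrib.auth.hashers.make_password() would store a hash instead.
            User.objects.create(username=username, password=password)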
            return HttpResponseRedirect('login')
    else:
        form = UserForm()
    
    return render_to_response('register.html', {'form':form})

def login(req):
    if req.method == 'POST':
        form = UserForm(req.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password = form.cleaned_data['password']
            users = User.objects.filter(username=username, password=password)
            if users:
                req.session['username'] = username
                return HttpResponseRedirect('index')
            else:
                return HttpResponseRedirect('login')
    else:
        form = UserForm()
    
    return render_to_response('login.html', {'form':form})

def index(req):
    username = req.session.get('username','anybody')
    return render_to_response('index.html', {'username': username})

def logout(req):
    # pop() with a default avoids a KeyError when no user is logged in
    req.session.pop('username', None)
    return HttpResponse('you are logout')
[root@host-100-100-5-17 alu02]# 

 

Test the page

 

 

View the session ID

 

Check the session key in the database; it matches the session ID shown in Firefox.

mysql> select * from django_session;
+----------------------------------+--------------------------------------------------------------------------------------+----------------------------+
| session_key                      | session_data                                                                         | expire_date                |
+----------------------------------+--------------------------------------------------------------------------------------+----------------------------+
| q17c9eiikrmpz2vl6im1ye6wxiawoy6k | ZjEwMDIyOWYxMWQyNDM3ODlhMmYxMTQwYjMwZDEzNmI5OWIzMjAxYTp7InVzZXJuYW1lIjoiYWx1MDIifQ== | 2016-03-22 11:51:57.352419 |
+----------------------------------+--------------------------------------------------------------------------------------+----------------------------+
1 row in set (0.00 sec)

mysql> 

 

Logout changes the session data in the database, that is, it is updated to an unusable value, but the session ID is not deleted from either Firefox or the database.

 

mysql> select * from django_session;
+----------------------------------+--------------------------------------------------------------+----------------------------+
| session_key                      | session_data                                                 | expire_date                |
+----------------------------------+--------------------------------------------------------------+----------------------------+
| q17c9eiikrmpz2vl6im1ye6wxiawoy6k | ZTFhOGIxMTdjNzE2NTMzMzc2NGI2MmMxMmIzN2Y0MjI0MDE3NGY4Nzp7fQ== | 2016-03-22 11:54:34.994341 |
+----------------------------------+--------------------------------------------------------------+----------------------------+
1 row in set (0.01 sec)

mysql> 
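Added example (not part of the original post): decoding the two session_data values shown above. It assumes the legacy Django session encoding these rows use, base64 of `<hex HMAC-SHA1>:<JSON>`; the function names and the key used to exercise `is_authentic` are illustrative, and the page's SECRET_KEY is not shown, so the HMAC of its own rows cannot be checked here.

```python
import base64
import hashlib
import hmac
import json

# session_data values copied from the two django_session rows above.
BEFORE_LOGOUT = "ZjEwMDIyOWYxMWQyNDM3ODlhMmYxMTQwYjMwZDEzNmI5OWIzMjAxYTp7InVzZXJuYW1lIjoiYWx1MDIifQ=="
AFTER_LOGOUT = "ZTFhOGIxMTdjNzE2NTMzMzc2NGI2MmMxMmIzN2Y0MjI0MDE3NGY4Nzp7fQ=="
# Assumption: database backend, whose class name SessionStore is part of the salt.
KEY_SALT = b"django.contrib.sessionsSessionStore"


def split_record(session_data):
    """base64("<hex hmac>:<serialized>") -> (hmac bytes, serialized bytes)."""
    mac, sep, serialized = base64.b64decode(session_data).partition(b":")
    if not sep:
        raise ValueError("not in '<hmac>:<payload>' form")
    return mac, serialized


def decode_session_data(session_data):
    """Return (hmac_hex, payload dict); no key is needed to read the payload."""
    mac, serialized = split_record(session_data)
    return mac.decode("ascii"), json.loads(serialized.decode("utf-8"))


def legacy_hmac(serialized, secret_key):
    """HMAC-SHA1 keyed with SHA1(salt + SECRET_KEY), returned as hex bytes."""
    key = hashlib.sha1(KEY_SALT + secret_key.encode()).digest()
    return hmac.new(key, serialized, hashlib.sha1).hexdigest().encode()


def encode_session_data(payload, secret_key):
    """Build a record in the same format (used to exercise is_authentic)."""
    serialized = json.dumps(payload, separators=(",", ":")).encode()
    return base64.b64encode(legacy_hmac(serialized, secret_key) + b":" + serialized).decode()


def is_authentic(session_data, secret_key):
    """True only if the stored HMAC matches the payload under secret_key."""
    mac, serialized = split_record(session_data)
    return hmac.compare_digest(mac, legacy_hmac(serialized, secret_key))


if __name__ == "__main__":
    print(decode_session_data(BEFORE_LOGOUT))  # payload holds the username
    print(decode_session_data(AFTER_LOGOUT))   # payload is an empty dict
```

The payload is signed but not encrypted, so anyone who can read the django_session table can read what the views put into `req.session`; after logout the row remains with an empty payload.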

 

posted on 2016-03-08 12:03  onmyway227
