Django系列11:会话
登录示例_Cookie
Session
Django默认将session存储到django_session表中
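session依赖于cookie:服务端根据cookie里带来的session_key到session表里去查找;cookie被清除后,这个会话对客户端来说就直接失效了;
所以以后退出登录的时候不要只靠清除cookie来退出:清cookie退出,服务器的django_session表中会留下一条垃圾数据,而且这条记录在过期之前在服务端仍然有效;应当在服务端删除会话(例如调用request.session.flush());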
session是服务端会话技术,数据存储在服务端。当我们调用request.session存session时,会生成一个key,
并默认设置一个过期时间,然后把这条数据的唯一标识(session_key)传给客户端(客户端怎么拿?通过cookie把session_key传给客户端,这个cookie在Django里默认叫sessionid,它的值就是session_key),以后每次请求都带着这个sessionid,服务端根据其中的session_key找到对应的session
Token
models.py
class Student(models.Model):
    """Account row shared by the register, login and profile views."""

    # Login name; unique=True rejects a second row with the same name.
    s_name = models.CharField(unique=True, max_length=16)
    # NOTE(review): this column should only ever hold a password hash
    # (for example the output of Django's make_password), never the raw
    # password submitted by the user.
    s_password = models.CharField(max_length=128)
    # Token written by student_login and looked up by student_mine.
    # NOTE(review): the field is not unique and the model has no expiry
    # column, so a token stays usable until the next login overwrites it.
    s_token = models.CharField(max_length=256)
urls.py
# NOTE(review): none of these patterns ends with `$`, so a longer path such
# as `register/anything` resolves to the same view; anchor the patterns if
# only the exact path is intended.
url(r'^register/', views.register, name='register'),
url(r'^studentlogin/', views.student_login, name='student_login'),
# NOTE(review): student_mine reads the login token from the query string
# (request.GET), so the token ends up in access logs, browser history and
# Referer headers; a request header or an HttpOnly cookie avoids that.
url(r'^studentmine/', views.student_mine, name='student_mine'),
views.py
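def register(request):
    """Render the registration form (GET) or create a Student (POST).

    The submitted password is stored as a salted hash produced by Django's
    ``make_password``; the raw value is never written to the database.
    Missing or empty credentials, and any failure while saving the row
    (for example a duplicate ``s_name``, which the model declares unique),
    send the client back to the registration form.
    """
    # Function-scope import: the module's import block is not part of this
    # listing, so the dependency is brought in where it is used.
    from django.contrib.auth.hashers import make_password

    if request.method == "GET":
        return render(request, 'student_register.html')
    elif request.method == "POST":
        username = request.POST.get("username")
        password = request.POST.get("password")
        # Refuse to create an account without a name or with an empty
        # password instead of relying on the database to reject it.
        if not username or not password:
            return redirect(reverse("two:register"))
        try:
            student = Student()
            student.s_name = username
            # Store only the hash; student_login verifies it with
            # check_password.
            student.s_password = make_password(password)
            student.save()
        except Exception:
            # Best-effort kept from the original: any save failure returns
            # the user to the form. NOTE(review): consider logging the
            # exception so real database errors are not hidden.
            return redirect(reverse("two:register"))
        return HttpResponse("注册成功")


def student_login(request):
    """Render the login form (GET) or verify credentials (POST).

    On success a fresh token from ``generate_token`` is saved on the
    student row and returned as JSON with status 200; any failed check
    returns the generic ``verify fail`` payload with status 800, without
    revealing whether the name or the password was wrong.

    The stored ``s_password`` is expected to be a hash written by
    ``register``. Rows created while passwords were stored in plaintext
    will no longer verify and need a password reset.
    """
    # Function-scope import: the module's import block is not part of this
    # listing, so the dependency is brought in where it is used.
    from django.contrib.auth.hashers import check_password

    if request.method == "GET":
        return render(request, 'student_login.html')
    elif request.method == "POST":
        username = request.POST.get("username")
        password = request.POST.get("password")
        # Look the account up by name only; the password is never part of
        # the query, it is verified against the stored hash.
        student = Student.objects.filter(s_name=username).first()
        if (
            student is not None
            and password
            and check_password(password, student.s_password)
        ):
            ip = request.META.get("REMOTE_ADDR")
            token = generate_token(ip, username)
            # Each successful login replaces the previously issued token.
            student.s_token = token
            student.save()
            # Alternative delivery shown in the lesson: return an
            # HttpResponse and call response.set_cookie("token", token).
            # If the cookie route is used, set httponly=True and
            # secure=True on it.
            data = {
                "status": 200,
                "msg": "login success",
                "token": token
            }
            return JsonResponse(data=data)
        data = {
            "status": 800,
            "msg": "verify fail"
        }
        return JsonResponse(data=data)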
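def generate_token(ip, username):
    """Return a fresh 32-character lowercase hex login token.

    The token is drawn from the operating system's CSPRNG. The previous
    implementation hashed ``ip + time.ctime() + username`` with MD5; all
    three inputs are guessable (``ctime`` has one-second resolution), so
    the result was not a secret, and two logins within the same second
    produced the same token.

    Args:
        ip: Client address. Kept for interface compatibility; unused.
        username: Login name. Kept for interface compatibility; unused.

    Returns:
        A 32-character hex string, the same length and alphabet as the
        MD5 hex digest it replaces.
    """
    # Function-scope import: the module's import block is not part of this
    # listing.
    import secrets

    return secrets.token_hex(16)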
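def student_mine(request):
    """Return the profile of the student identified by the ``token`` query parameter.

    A missing or empty token, a token that matches no row, or one that
    matches more than one row redirects to the login page. Otherwise the
    student's name is returned as JSON with status 200.
    """
    # The lesson's cookie variant would read request.COOKIES.get("token").
    # NOTE(review): a token in the query string is recorded in access logs,
    # browser history and Referer headers; prefer a header or an HttpOnly
    # cookie for real deployments.
    token = request.GET.get('token')
    # An empty token must never reach the lookup: s_token is the empty
    # string for accounts that have not logged in yet, so "" would match
    # such a row.
    if not token:
        return redirect(reverse("two:student_login"))
    try:
        student = Student.objects.get(s_token=token)
    except (Student.DoesNotExist, Student.MultipleObjectsReturned):
        # s_token is not declared unique, so both outcomes are possible;
        # other errors (e.g. database failures) are left to propagate.
        return redirect(reverse("two:student_login"))
    data = {
        "msg": "ok",
        "status": 200,
        "data": {
            "username": student.s_name
        }
    }
    return JsonResponse(data=data)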
student_login.html
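<form action="{% url 'two:student_login' %}" method="post">
    {# CSRF token: needed for this POST whenever CsrfViewMiddleware is enabled. #}
    {% csrf_token %}
    <span>用户名:</span><input type="text" name="username" placeholder="请输入用户名">
    <br>
    {# type="password" keeps the value masked on screen. #}
    <span>密码:</span><input type="password" name="password" placeholder="请输入你的银行卡密码">
    <br>
    <button>登录</button>
</form>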
student_register.html
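<form action="{% url 'two:register' %}" method="post">
    {# CSRF token: needed for this POST whenever CsrfViewMiddleware is enabled. #}
    {% csrf_token %}
    <span>用户名:</span><input type="text" name="username" placeholder="请输入用户名">
    <br>
    {# type="password" keeps the value masked on screen. #}
    <span>密码:</span><input type="password" name="password" placeholder="请输入你的银行卡密码">
    <br>
    <button>注册</button>
</form>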
CSRF
{% csrf_token %}
two_login.html
<form action="{% url 'two:login' %}" method="post">
{# The csrf_token tag renders a hidden csrfmiddlewaretoken input; the commented-out line below is a sample of that rendered input. #}
{% csrf_token %}
{# <input type="hidden" name="csrfmiddlewaretoken" value="xvHGTCuXBvJ0MLts9GMfkFpispNaqlBsiHJTgMCVuPE6wsf0ijFVqkYtkyZjsLbL">#}
{# NOTE(review): keep using the tag rather than pasting a rendered value; a hard-coded token would presumably stop matching once Django issues a new one. #}
<span>用户名:</span><input type="text" placeholder="请输入用户名" name="username">
<br>
<button>登录</button>
</form>
目前状态
- MTV
- 基本完成
- Template不会再讲了
- Views也不会再讲了
- Model
- Model关系
- Model继承
- 高级
- 第三方插件
- 底层的部分原理
- AOP 面向切面编程
- 反爬
- 安全
- AOP 面向切面编程
- 文件上传
- 前后端分离
- RESTful
- 日志
- 后台管理
- 用户角色,用户权限
- 部署
- 支付宝支付