Django系列11:会话


登录示例_Cookie













Session


Django默认将session存储到django_session表中

session依赖于cookie,根据cookie上session表里去找,cookie清除了,session直接失效;
以后退出登录的时候不要清除cookie退出;清cookie退出,服务器中会产生一条垃圾数据;
seesion是服务端会话技术,数据存储在服务端,当我们调用request.session 存session时,生成一个key,
默认设置一个过去时间,将这条数据的唯一标识(session_key)传给客户端(客户端怎么拿?通过cookie将session_key传递给客户端,客户端给它起了一个新的名字叫session_id,把session_key的值存在session_id里面),下次再找的时候或者以后上来带着session_id或者session_key,根据session_key找到session





Token

models.py
class Student(models.Model):
    s_name = models.CharField(max_length=16, unique=True)
    s_password = models.CharField(max_length=128)
    s_token = models.CharField(max_length=256)
urls.py
    url(r'^register/', views.register, name='register'),

    url(r'^studentlogin/', views.student_login, name='student_login'),

    url(r'^studentmine/', views.student_mine, name='student_mine'),
views.py
def register(request):
    if request.method == "GET":
        return render(request, 'student_register.html')
    elif request.method == "POST":
        username = request.POST.get("username")

        password = request.POST.get("password")

        try:

            student = Student()

            student.s_name = username
            student.s_password = password

            student.save()

        except Exception as e:
            return redirect(reverse("two:register"))

        return HttpResponse("注册成功")


def student_login(request):
    if request.method == "GET":
        return render(request, 'student_login.html')
    elif request.method == "POST":
        username = request.POST.get("username")

        password = request.POST.get("password")

        students = Student.objects.filter(s_name=username).filter(s_password=password)

        if students.exists():

            student = students.first()

            ip = request.META.get("REMOTE_ADDR")

            token = generate_token(ip, username)

            student.s_token = token

            student.save()

            # response = HttpResponse("用户登录成功")
            #
            # response.set_cookie("token", token)
            #
            # return response

            data = {
                "status": 200,
                "msg": "login success",
                "token": token
            }

            return JsonResponse(data=data)
        # return redirect(reverse("two:student_login"))

        data = {
            "status": 800,
            "msg": "verify fail"
        }

        return JsonResponse(data=data)


def generate_token(ip, username):

    c_time = time.ctime()

    r = username

    return hashlib.new("md5", (ip + c_time + r).encode("utf-8")).hexdigest()


def student_mine(request):

    # token = request.COOKIES.get("token")
    token = request.GET.get('token')

    try:
        student = Student.objects.get(s_token=token)
    except Exception as e:
        return redirect(reverse("two:student_login"))

    # return HttpResponse(student.s_name)

    data = {
        "msg": "ok",
        "status": 200,
        "data": {
            "username": student.s_name
        }
    }

    return JsonResponse(data=data)

student_login.html
<form action="{% url 'two:student_login' %}" method="post">


    <span>用户名:</span><input type="text" name="username" placeholder="请输入用户名">
    <br>
    <span>密码:</span><input type="text" name="password" placeholder="请输入你的银行卡密码">
    <br>

    <button>登录</button>
</form>
student_register.html
<form action="{% url 'two:register' %}" method="post">

    <span>用户名:</span><input type="text" name="username" placeholder="请输入用户名">
    <br>
    <span>密码:</span><input type="text" name="password" placeholder="请输入你的银行卡密码">
    <br>

    <button>注册</button>

</form>

CSRF


    {% csrf_token %}
two_login.html
<form action="{% url 'two:login' %}" method="post">

    {% csrf_token %}


{#    <input type="hidden" name="csrfmiddlewaretoken" value="xvHGTCuXBvJ0MLts9GMfkFpispNaqlBsiHJTgMCVuPE6wsf0ijFVqkYtkyZjsLbL">#}

    <span>用户名:</span><input type="text" placeholder="请输入用户名" name="username">

    <br>

    <button>登录</button>

</form>

目前状态

  • MTV
    • 基本完成
    • Template不会再讲了
    • Views也不会再讲了
    • Model
      • Model关系
      • Model继承
  • 高级
    • 第三方插件
    • 底层的部分原理
      • AOP 面向切面编程
        • 反扒
        • 安全
    • 文件上传
    • 前后端分离
      • RESTful
    • 日志
    • 后台管理
    • 用户角色,用户权限
    • 部署
    • 支付宝支付
posted @ 2020-02-07 15:48  xidianzxm  阅读(168)  评论(0编辑  收藏  举报