cookie和session
发展史
一开始,只有一个页面,没有登录功能,大家看到东西都一样。
时代发展,出现了需要登录注册的网站,要有一门技术存储我们的登录信息,于是cookie诞生了。
cookie:
时代再度发展,需要有一门新的安全的技术,于是有了session。
session:
django操作cookies
设置cookie
def login(request, *args, **kwargs):
if request.method == 'POST':
username = request.POST.get("username")
password = request.POST.get("password")
if username == "kevin" and password == "123":
obj = HttpResponse("ok")
obj.set_cookie('sign', 'user')
return obj
else:
return redirect('/login/')
return render(request, 'login.html')取值cookie验证
def home(request, *args, **kwargs):
sign = request.COOKIES.get('sign')
if sign and sign == 'user':
return HttpResponse("这是home页面")
else:
return redirect('/login/')设置过期时间
obj.set_cookie('sign', 'user', expires=3)
obj.set_cookie('sign', 'user', max_age=3)删除cookie
def logout(request, *args, **kwargs):
obj = redirect('/home/')
# 设置超时时间 5s 到期
obj.delete_cookie('sign')
return objdjango操作session
设置session
request.session['sign'] = 'user'取值session
def login(request, *args, **kwargs):
# next_url = request.get_full_path()
# print(next_url) # /login/?next_url=/home/
if request.method == 'POST':
username = request.POST.get("username")
password = request.POST.get("password")
if username == "dream" and password == "521":
# next_url = request.GET.get('next_url')
# print(next_url) # /home/
request.session['sign'] = 'user'
obj = redirect('/home/')
# 设置过期时间
# obj.set_cookie('sign', 'user', expires=3)
# obj.set_cookie('sign', 'user', max_age=3)
return obj
else:
return redirect('/login/')
return render(request, 'login.html')
def login_auth(func):
def inner(request, *args, **kwargs):
# print(request.path_info) # /home/
# print(request.get_full_path()) # /home/?username=111
next_url = request.get_full_path() # /home/
# print(next_url)# /home/
sign = request.session.get('sign')
# print(sign) # user
if sign and sign == 'user':
res = func(request, *args, **kwargs)
return res
else:
return redirect(f'/login/?next_url={next_url}')
return inner
@login_auth
def home(request, *args, **kwargs):
return HttpResponse("这是home页面")注:
设置session过期时间
request.session['sign'] = 'user'
request.session.set_expiry(0)删除cookie
# 删除session
request.session.delete()
# 把浏览器和数据库里面的session全部清除掉
request.session.flush()CBV加装饰器的三种方法
from django.utils.decorators import method_decorator
# 方式二:放在类视图上面 (放的装饰器函数,name指定你的视图函数里面的方法)
# @method_decorator(login_auth, name='get')
# @method_decorator(login_auth, name='post')
class UserView(View):
# 方式三 : dispactch 方法加装饰器 : 本视图函数内所有的视图都需要走装饰器
@method_decorator(login_auth)
def dispatch(self, request, *args, **kwargs):
# Try to dispatch to the right method; if a method doesn't exist,
# defer to the error handler. Also defer to the error handler if the
# request method isn't on the approved list.
if request.method.lower() in self.http_method_names:
handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
return handler(request, *args, **kwargs)
# 方式一:加载视图函数上面
# @method_decorator(login_auth)
def get(self, request, *args, **kwargs):
return HttpResponse("这是home页面")
def post(self):
...