-cookie
-是什么?存储在客户端浏览器上的键值对
-原理
是服务器产生,发给客户端浏览器,浏览器保存起来,下次发请求,会携带这个键值对到服务器
-Cookie的覆盖
先写了一个键值对,后来再写,会把原来的值覆盖掉
-cookie使用(**********************)
-写cookie:在Httpresponse这个对象上写
-obj.set_cookie(key,value)
-取cookie:从request对象中取,取出来是个字典request.COOKIES
-删除cookie:
obj.delete_cookie('name')
-登录认证装饰器,登录之后才能访问固定的页面
def login_auth(func):
def inner(request, *args, **kwargs):
# 拿到之前访问的路径
# 这个不行,因为取不到数据部分
# url=request.path
url = request.get_full_path()
is_login = request.COOKIES.get('is_login')
if is_login:
res = func(request, *args, **kwargs)
return res
else:
return redirect('/login/?next=%s' % url)
return inner
-cookie的其他属性
-加盐cooke
-超时时间max_age,传一个秒的时间
-超时时间expires,传一个datatime对象
-path='/',可以设置路径,设置路径之后,path='/index/',只有访问index的时候,才会携带cookie过来
-domain 设置域名下有效domain='map.baidu.com'
-secure=False, (默认是false,设置成True浏览器将通过HTTPS来回传cookie)
-httponly=True 只能https协议传输,无法被JavaScript获取(不是绝对,底层抓包可以获取到也可以被覆盖)
-session
-解决cookie不安全的问题,
-存在服务器上的键值对{'sdaf随机字符串':{name:lqz,pwd:123}}
-用session必须跟cookie连用
-session使用(****************)
-设置值
-request.session['name']='lqz'
-如果设置多个,它会以字典的形式存储到session表中的session_data中
-生成session时:
1 生成随机字符串:dfasfasdfa
2 取数据库存储
3 写入cookie(set_cookie('sessionid','dfasfasdfa'))
-取值
name=request.session['name']
-执行流程:
-取到cookie的随机字符串
-取session表中根据随机字符串查询,查询出session_data这个字典,然后把字典中name返回
-删除值
-# 取出cookie,随机字符串,去数据库删除随机字符串是当前值的记录
request.session.delete()
-#既删除cookie,又删除数据库
request.session.flush()
-session其他属性
-request.session.setdefault('k1',123) # 存在则不设置
-取到随机字符串,浏览器带过来的cookie的值
print(request.session.session_key)
内部
request.COOKIES.get('sessionid')
-清空失效的session
request.session.clear_expired()
-校验sessionid是否存在
request.session.exists("session_key")
-
session的配置
-不但能放到数据库,还能放到文件中,redis(内存数据库)
-----------------------------基于cookie的登录装饰器--------------------------------------------
def login_auth(func):
def inner(request, *args, **kwargs):
url = request.get_full_path()
is_login = request.COOKIES.get('is_login')
if is_login:
res = func(request, *args, **kwargs)
return res
return redirect('/login/?next=%s'%url)
return inner
def login(request):
if request.method == "GET":
return render(request, 'login.html')
else:
next = request.GET.get('next')
name = request.POST.get('name')
pwd = request.POST.get('pwd')
if name == 'zjh' and pwd == '123':
if next:
obj = redirect(next)
else:
obj = redirect('/shopping/')
obj.set_cookie('is_login', True)
return obj
else:
return HttpResponse('用户名或密码错误')
@login_auth
def order(request):
return HttpResponse('我是看登录页面的,登录才能看')
def shopping(request):
return HttpResponse('我是看购物页面的,登录才能看')
def set_cookie(request):
obj = HttpResponse('我是set_cookie')
# obj.set_signed_cookie('name','zjh',salt='123')
obj.set_cookie('name','zjh',max_age=20)
return obj
def get_set_cookie(request):
name = request.COOKIES.get('name')
print(name)
return HttpResponse('获取加盐的cookie')
# -------------------------session--------------------------------------
def delete_session(request):
# request.session.flush()
request.session['name']='zjh'
request.session['pwd']='123'
return HttpResponse('set_session')
def get_session(request):
name=request.session['name']
print(name)
return HttpResponse('get_session')
# --------------------------------------session登录装饰器--------------------------------------
def session_auth(func):
def inner(request,*args,**kwargs):
url = request.get_full_path()
# is_session = request.session.get('is_session')
is_session = request.COOKIES.get('sessionid')
print(is_session)
if is_session:
res = func(request,*args,**kwargs)
# request.session.flush()
return res
else:
return redirect('/session_login/?next=%s'%url)
return inner
def session_login(request):
if request.method == 'GET':
return render(request,'login.html')
else:
request.session['name'] = 'zjh'
request.session['pwd'] = '123'
next = request.GET.get('next')
name = request.POST.get('name')
pwd = request.POST.get('pwd')
# user_name = request.session['name']
# user_pwd = request.session['pwd']
#
# user_name = request.session.get('name')
# user_pwd = request.session.get('pwd')
print(user_name,user_pwd)
if name==user_name and pwd==user_pwd:
# request.session['is_session'] = True
if next:
print(next)
return redirect(next)
else:
obj = redirect('/shopping/')
return obj
return HttpResponse('用户名或密码错误')
@session_auth
def session_order(request):
return HttpResponse('我是order')