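Cookies and sessions in brief
Cookies give the user a better experience and reduce the load on the server, because the data is stored on the client side, in the browser.
The drawbacks are that cookies have security problems and cannot hold much data.
ex: some ads pop up the first time you enter a site; when you close one, a cookie records that.
Sessions are roughly the opposite of cookies: they are more secure and can store a large amount of data (in the database). Sessions are used together with cookies.
ex: the username
I created another app; I won't go through the settings, model and so on one by one again.
Code first, explanation after.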
views.py
```python
import time

from django.shortcuts import render, redirect
from django.http import HttpResponse, JsonResponse
from django.urls import reverse
from django.views.decorators.csrf import csrf_exempt

from three.models import Person


# Create your views here.
def login(request):
    # Already logged in: go straight to the "mine" page
    if request.session.get('username'):
        return redirect(reverse('three:mine'))
    return render(request, 'three/login.html')


def do_login(request):
    username = request.POST.get('username')
    password = request.POST.get('password')
    # Looks the user up by name and by the password exactly as it is stored
    person = Person.objects.filter(name=username).filter(password=password)
    person = person.first()
    if person:
        # Set the cookie on the response that is actually returned;
        # a cookie set on a response object that is discarded never reaches the browser
        response = redirect(reverse('three:mine'))
        response.set_cookie('token', person.token, httponly=True)
        request.session['username'] = username
        return response
    return redirect(reverse('three:login'))


def mine(request):
    username = request.session.get('username')
    if username is None:
        return redirect(reverse('three:login'))
    token = request.COOKIES.get('token')
    person = Person.objects.filter(token=token).first()
    if person is None:
        # Missing or unknown token cookie: drop the session instead of raising an error
        request.session.flush()
        return redirect(reverse('three:login'))
    return render(request, 'three/mine.html', context={'username': username})


def logout(request):
    response = redirect(reverse('three:login'))
    request.session.flush()
    return response


def register(request):
    return render(request, 'three/register.html')


@csrf_exempt
def do_register(request):
    person = Person()
    username = request.POST.get('username')
    password = request.POST.get('password')
    person.name = username
    # The password is saved exactly as submitted
    person.password = password
    person.token = generate_token(username)
    person.save()
    return redirect(reverse('three:login'))


def generate_token(name):
    # Username followed by the current time as a string
    return name + str(time.ctime())
```
urls.py
```python
from django.contrib import admin
from django.urls import path, re_path

from three import views

urlpatterns = [
    path('login/', views.login, name='login'),
    path('do_login/', views.do_login, name='dologin'),
    path('mine/', views.mine, name='mine'),
    path('logout/', views.logout, name='logout'),
    path('register/', views.register, name='register'),
    path('do_register/', views.do_register, name='doregister'),
]
```
login.html
```html
<form action="{% url 'three:dologin'%}" method="post">
    {% csrf_token %}
    <span>username: <input type="text" name="username"></span>
    <br>
    <span>password: <input type='password' name="password"></span>
    <br>
    <button>submit</button>
</form>
<a href="{% url 'three:register'%}">register</a>
```
The parts not pasted here should be easy to write yourself; give them a try.
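login: checks whether the user is already logged in; if so, jumps to mine.html.
do_login: reads the data the user entered via POST and checks whether it is correct; if it is, sets the session, otherwise returns to login.
mine: checks whether the session exists; if it does, shows the mine.html page, otherwise goes back to login.
logout: clears the session and redirects to login.
register: there is not much to say about this one.
do_register: @csrf_exempt keeps your POST request from being blocked by the CSRF check (exempt means to excuse from a rule). The alternative is to handle it in the HTML, as login.html does with {% csrf_token %}. Exempting the view switches CSRF protection off for it, whereas the template tag keeps the check in place.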
I won't go into tokens in detail here; sessions and cookies are already very handy. Tokens are usually used with mobile clients.
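The views above compare the submitted password with the stored value directly and build the token from the username plus time.ctime(), which is the same for the same name in the same second. As an added example (not the original post's code; standard library only, and the function names and storage format are assumptions made here), this shows a random token and salted password hashing that could replace them; in a Django project, make_password and check_password from django.contrib.auth.hashers cover the hashing part.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware


def legacy_token(name, now=None):
    """The page's generate_token(): username + time.ctime()."""
    return name + time.ctime(now)


def new_token():
    """Unpredictable token: 32 random bytes from the OS CSPRNG, URL-safe."""
    return secrets.token_urlsafe(32)


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' (format made up here)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, iterations)
    return f'pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}'


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = stored.split('$')
        if algorithm != 'pbkdf2_sha256':
            return False
        digest = hashlib.pbkdf2_hmac('sha256', password.encode(),
                                     bytes.fromhex(salt_hex), int(iterations))
    except (ValueError, AttributeError):
        # Malformed record: treat as a failed login rather than an error
        return False
    return hmac.compare_digest(digest.hex(), hash_hex)


if __name__ == '__main__':
    t = 1_700_000_000  # constructed timestamp
    print(legacy_token('alice', t) == legacy_token('alice', t))  # same token twice
    print(new_token() == new_token())                            # never repeats
    record = hash_password('correct horse')  # constructed sample password
    print(verify_password('correct horse', record), verify_password('wrong', record))
```

In do_register the stored value would be hash_password(password) and the token new_token(); do_login would then fetch the person by name only and call verify_password on the stored record.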