Python Django简单实现session登录注销过程详解

urlpatterns = [ path('admin/', admin.site.urls), path('app01/', include('app01.urls'))]

urlpatterns = [ path('login/', views.login), path('index/', views.index),]

# Create your views here.from django.shortcuts import HttpResponse, render, redirectdef login(request): if request.method == 'GET':  return render(request, 'login.html') elif request.method == 'POST':  user = request.POST.get('username')  pwd = request.POST.get('pwd')  if user == 'song' and pwd == '123':   # 往session里写入数据的时候，Django会自动生成随机码，发送给cookie，然后自己保留一份跟cookie一一对应   request.session['username'] = user   request.session['is_login'] = True   #设置session（同时对应的cookie）超时时间，按秒计算   request.session.set_expiry(60)   # 路径已经要写全，把/app01带上，以前好像不带是可以的   return redirect('/app01/index/')  else:   return render(request, 'login.html')def index(request): # 拿到cookie对应的随机码，来查找session里的is_login字段是否True，如果通过则表示通过 if request.session.get('is_login', None):  return render(request, 'index.html') else:  return HttpResponse('滚')def logout(request): # 清除当前对应session所有数据 request.session.clear() # 路径已经要写全，把/app01带上，以前好像不带是可以的 return redirect('/app01/login')

<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Title</title></head><body> <div>  <form action="/app01/login/" method="post">   <input type="text" name="username">   <input type="password" name="pwd">   <input type="submit" value="提交">  </form> </div></body></html>

<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Title</title></head><body> <h1>登录成功</h1> <div>  <a href="/app01/logout/" rel="external nofollow" rel="external nofollow" >注销</a> </div></body></html>

python manage.py makemigrationspython manage.py migrate

from django.db import models# Create your models here.class UserInfo(models.Model): username = models.CharField(max_length=16) password = models.CharField(max_length=32)

from django.contrib import adminfrom django.urls import path,includefrom app01 import viewsfrom django.conf.urls import urlurlpatterns = [ # path('login/', views.login), path('index/', views.index), # path('logout/', views.logout), # path('fm/', views.fm), path('aa/', views.aa), path('select/', views.select),]

# Create your views here.from django.shortcuts import HttpResponse, render, redirectfrom django.views.decorators.csrf import csrf_exempt,csrf_protectfrom app01 import modelsfrom functools import wraps#做session验证的的装饰器，def checklogin(func): @wraps(func) def wrapper(request,*args,**kwargs):  if request.session.get('is_login') == '1':   return func(request,*args,**kwargs)  else:   return redirect('/app01/aa') return wrapperdef aa(requrst): if requrst.method == 'GET':  print('get')  return render(requrst, 'aa.html') elif requrst.method == 'POST':  username = requrst.POST.get('username')  pwd = requrst.POST.get('password')  user = models.UserInfo.objects.filter(username=username,password=pwd)  # print(type(pwd))  # print(models.UserInfo.objects.filter(username=username).values('password'))  if user:   #如果输入的账户名跟数据库中的账户名密码相匹配就忘session信息里写入一条is_login的数据   #同时随机生成的字符串ID也写到cookie里当做sessionid使用   requrst.session['is_login'] = '1'   return redirect('/app01/index')  return redirect('/app01/aa')#在访问页面的时候先做验证，拿自己的cookie里的sessionid去跟服务器端的session_key做对比#对比认证通过就允许访问@checklogindef index(request): return render(request,'index.html')

<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>aa</title></head><body> <h1>aa页面</h1> <form action="/app01/aa/" method="POST"> {% csrf_token %}  <p>用户名： <input type="text" name="username">  </p>  <p>密码： <input type="password" name="password">  </p>  <input type="submit" value="提交"> </form></body></html>

<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <title>Title</title></head><body> <h1>登录成功</h1> <div>  <a href="/app01/logout/" rel="external nofollow" rel="external nofollow" >注销</a> </div></body></html>