The principle of cookie and session implementation
HTTP is designed to be "stateless": each request stands on its own. No state is held between one request and the next, and we cannot identify successive requests from the same person based on any aspect of the request (IP address, user agent, etc.). Django's implementation of sessions and cookies shows clearly how this is handled. The server generates a cookie string and keeps two copies of it: one is saved locally, and one is sent to the requesting browser. The browser saves the cookie string it receives and sends it back to the server with the next request. The server compares the cookie it receives with the copy it saved locally; if they are the same, the user has logged in successfully, and the user's logged-in status is kept. The Django session holds its data in the database as the equivalent of a large dictionary: the key is the cookie string, and the value is itself a dictionary whose keys and values are the user-related information that has been set. This makes it easy to access the information inside the session.
Cookies
A cookie is a small piece of information that a browser stores for a web server. Each time the browser requests a page from a server, it sends back to the server the cookies it received from it. Cookies are saved in a folder belonging to the browser.
Session
The Django session mechanism sends a cookie string to the requesting browser and also keeps a local copy, which is used to verify that later requests from the browser come from the same user. The session lives on the server, and by default Django stores sessions in the database.
The session relies on cookies: if the browser cannot save the cookie, the session becomes invalid, because the cookie value sent by the browser has to be compared with the one in the session. The session is used to save the user's conversation state on the server side.
Operating on the session
In Django, the session is operated on as follows:
Get session: request.session[key] or request.session.get(key)
Set session: request.session[key] = value
Delete session: del request.session[key]
request.session is the session data that corresponds to each individual client.
A simple Django view that uses the session to determine whether the user has successfully logged in:

    from django.http import HttpResponse
    from django.shortcuts import redirect, render


    def login(request):
        if request.method == 'POST':
            username = request.POST.get('username')
            pwd = request.POST.get('pwd')
            # hard-coded demo credentials
            if username == 'Lisi' and pwd == '12345':
                request.session['is_login'] = True  # set session
                return redirect('/app01/home/')

        return render(request, 'login.html')


    def home(request):
        is_login = request.session.get('is_login', False)  # get the value in session
        if is_login:
            return HttpResponse('Order')
        else:
            return redirect('/app01/login/')
Expiry Time
A cookie can have an expiration time so that the browser knows when the cookie can be deleted. If no expiration time is set, the cookie expires automatically when the user closes the browser. You can change the SESSION_EXPIRE_AT_BROWSER_CLOSE setting to control this behavior of the session framework. By default, SESSION_EXPIRE_AT_BROWSER_CLOSE is set to False, so session cookies remain valid in the user's browser for up to SESSION_COOKIE_AGE seconds (the default setting is two weeks, or 1,209,600 seconds). If you don't want users to have to log in again every time they open a browser, this setting helps. If SESSION_EXPIRE_AT_BROWSER_CLOSE is set to True, Django will invalidate the cookie when the browser is closed.
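An added example, not taken from the original article or from Django's source: a stand-alone Python model of the mechanism described above, a server-side dictionary keyed by the cookie string whose entries stop being valid after SESSION_COOKIE_AGE seconds. SessionStore, demo and the token format are hypothetical choices for illustration; Django's own store and key format differ.

```python
import secrets
import time

SESSION_COOKIE_AGE = 1209600  # Django's default: two weeks, in seconds


class SessionStore:
    """Toy model of the server side: {cookie string: {key: value}}."""

    def __init__(self, max_age=SESSION_COOKIE_AGE):
        self.max_age = max_age
        self._rows = {}  # cookie string -> (expiry timestamp, data dict)

    def create(self, data, now=None):
        now = time.time() if now is None else now
        key = secrets.token_urlsafe(32)  # random, unguessable cookie string
        self._rows[key] = (now + self.max_age, dict(data))
        return key  # this value is what the browser stores and sends back

    def load(self, cookie, now=None):
        """Return the session dict for this cookie, or {} if unknown or expired."""
        now = time.time() if now is None else now
        row = self._rows.get(cookie)
        if row is None or now >= row[0]:
            self._rows.pop(cookie, None)  # expired rows are dropped server-side
            return {}
        return row[1]

    def delete(self, cookie):
        self._rows.pop(cookie, None)  # logout: forget the server-side copy


def demo():
    store = SessionStore()
    t0 = 1_700_000_000  # constructed timestamp
    cookie = store.create({"is_login": True, "username": "Lisi"}, now=t0)
    late = t0 + SESSION_COOKIE_AGE
    results = {
        "valid": store.load(cookie, now=t0 + 60).get("is_login", False),
        "forged": store.load("not-a-real-key", now=t0 + 60).get("is_login", False),
        "expired": store.load(cookie, now=late).get("is_login", False),
    }
    cookie2 = store.create({"is_login": True}, now=t0)
    store.delete(cookie2)
    results["after_logout"] = store.load(cookie2, now=t0).get("is_login", False)
    return results


if __name__ == "__main__":
    print(demo())
```

Only a cookie that the server itself issued, and that has neither expired nor been deleted, maps back to a logged-in session; a value the server never issued yields an empty session.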
SESSION_COOKIE_AGE: sets how long the cookie survives in the browser
Add in settings.py:
Example
Cookie and session handling implemented together with the front-end pages:
login.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title></title>
    </head>
    <body>
        <form action="/app01/login/" method="POST">
            {# needed for POST forms when Django's CsrfViewMiddleware is enabled #}
            {% csrf_token %}
            <input type="text" name="username" />
            <input type="password" name="pwd" />
            <input type="submit" value="Submit" />
        </form>
    </body>
    </html>
home.html

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title></title>
        <style>
            .header {
                height: 48px;
            }
        </style>
    </head>
    <body>
        <div class="header">
            <div style="float:right">{{ username }}</div>
            <div style="float:right"><a href="/app01/logout/">Log out</a></div>
        </div>
        <div style="height:500px;background-color:#ddd"></div>
    </body>
    </html>
views.py

    from django.shortcuts import redirect, render


    def login(request):
        if request.method == "POST":
            username = request.POST.get('username')
            pwd = request.POST.get('pwd')
            # hard-coded demo credentials; the session records who logged in
            if username == 'Alex' and pwd == '123':
                request.session['is_login'] = True
                request.session['usrname'] = 'Alex'
                return redirect('/app01/home/')
            elif username == 'Eirc' and pwd == '123':
                request.session['is_login'] = True
                request.session['usrname'] = 'Eirc'
                return redirect('/app01/home/')
        return render(request, 'login.html')


    def home(request):
        is_login = request.session.get('is_login', False)
        if is_login:
            username = request.session.get('usrname', False)
            return render(request, 'home.html', {'username': username})
        else:
            return redirect("/app01/login/")