I. HTTP request cycle

Browser (socket client):

  2. socket.connect(ip, port)
  3. socket.send("...")
     Rules: the HTTP protocol.
     GET request:
         "GET /index.html?k1=1&k2=2 HTTP/1.1\r\nHost: www.xiaohuar.com\r\nContent-Type: application/json\r\n\r\n"
     The request header and the request body are split by \r\n\r\n: the part before it is the request header, the part after it is the request body.
     POST request:
         "POST /index.html?k1=1&k2=2 HTTP/1.1\r\nHost: www.xiaohuar.com\r\nContent-Type: application/json\r\n\r\nusername=alex&pwd=123"
     The request header and the request body are split by \r\n\r\n: the part before it is the request header, the part after it is the request body.
  6. Get the response:
         response head, response body = data.split('\r\n\r\n')
  7. Disconnect

Web server:

  1. The server runs on: ip, port
  4. data = server.recv()
     head, body = data.split("\r\n\r\n")
  5. The server responds:
         conn.send('...')
     Response head:
     Response body:
  7. Disconnect

Summary:

  a. An HTTP request is essentially a string.
  b. HTTP uses short-lived connections (request, response, disconnect).
  c. Both the request and the response have a head and a body:
         Request:  request header \r\n\r\n request body
         Response: response header \r\n\r\n response body

III. Cookie and session

Cookie: when the client browser logs in to the server, the server generates a key-value pair and carries it in the response header. On the client's next request the server first checks whether the cookie exists; if it does, the user does not need to log in again, otherwise a new login is required.

Session: when the client logs in to the server, after validation the server randomly generates a string and uses it as the key in the django_session table. The value is a dictionary holding the user information that the program sets. The response header carries only this key back to the client, which is more secure.
Session authentication, login and logout process:

    from django.shortcuts import render, redirect
    # `models` (with the UserInfo model) and `encrypt` come from the project itself.

    def auth(func):
        # Decorator: redirect to the login page when the session has no user.
        def inner(request, *args, **kwargs):
            ck = request.session.get('uuuuuuuu')
            if not ck:
                return redirect('/login.html')
            return func(request, *args, **kwargs)
        return inner

    @auth
    def index(request):
        user = request.session.get('uuuuuuuu')
        return render(request, 'index.html', {'user': user})

    def login(request):
        if request.method == "GET":
            return render(request, 'login.html')
        else:
            user = request.POST.get('user')
            pwd = request.POST.get('pwd')
            pwd = encrypt(pwd)
            obj = models.UserInfo.objects.filter(username=user, password=pwd).first()
            if obj:
                # Stored in the dictionary value for this user's key in the django_session table
                request.session['uuuuuuuu'] = user
                request.session.set_expiry(5)  # the session expires after 5 seconds
                return redirect('/index.html')
            else:
                return render(request, 'login.html', {'msg': 'Username or password error'})
    def logout(request):
        request.session.clear()
        return redirect('/login.html')

Session configuration (settings.py configuration file):

    # SESSION_ENGINE = 'django.contrib.sessions.backends.db'  # engine (default)
    #
    # SESSION_COOKIE_NAME = "sessionid"          # key under which the session cookie is stored in the browser, i.e. sessionid=<random string> (default)
    # SESSION_COOKIE_PATH = "/"                  # path for which the session cookie is saved (default)
    # SESSION_COOKIE_DOMAIN = None               # domain for which the session cookie is saved (default)
    # SESSION_COOKIE_SECURE = False              # whether the cookie is sent only over HTTPS (default)
    # SESSION_COOKIE_HTTPONLY = True             # whether the session cookie is HTTP-only, i.e. not readable by client-side JavaScript (default)
    # SESSION_COOKIE_AGE = 1209600               # session cookie lifetime in seconds (2 weeks) (default)
    # SESSION_EXPIRE_AT_BROWSER_CLOSE = False    # whether the session expires when the browser is closed (default)
    # SESSION_SAVE_EVERY_REQUEST = True          # whether to save the session on every request; Django's default (False) saves it only after it has been modified
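The session mechanism and the cookie settings described above, as an added standard-library sketch that is not part of the original post and not Django's own code: the server keeps the user data under a random key and the cookie carries only that key. SESSION_TABLE and the function names are assumptions made for illustration, and the Secure flag is switched on here, unlike the default shown above.

```python
import secrets
import time
from http.cookies import SimpleCookie

# Names mirror the Django settings listed above; the values are illustrative.
SESSION_COOKIE_NAME = "sessionid"
SESSION_COOKIE_AGE = 1209600  # seconds (2 weeks)
SESSION_TABLE = {}  # stand-in for the server-side session table: key -> (expiry, data)


def create_session(data, now=None):
    """Keep `data` on the server; return a Set-Cookie value holding only the key."""
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(32)  # unguessable random string
    SESSION_TABLE[key] = (now + SESSION_COOKIE_AGE, dict(data))
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE_NAME] = key
    morsel = cookie[SESSION_COOKIE_NAME]
    morsel["path"] = "/"                    # SESSION_COOKIE_PATH
    morsel["max-age"] = SESSION_COOKIE_AGE  # SESSION_COOKIE_AGE
    morsel["httponly"] = True               # SESSION_COOKIE_HTTPONLY = True
    morsel["secure"] = True                 # SESSION_COOKIE_SECURE = True (hardened)
    return morsel.OutputString()


def _key_from(cookie_header):
    """Extract the session key from a request Cookie header, or None."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get(SESSION_COOKIE_NAME)
    return morsel.value if morsel is not None else None


def load_session(cookie_header, now=None):
    """Return the server-side data for a request Cookie header, or None."""
    now = time.time() if now is None else now
    key = _key_from(cookie_header)
    expiry, data = SESSION_TABLE.get(key, (0, None))
    if data is None or now >= expiry:
        SESSION_TABLE.pop(key, None)  # unknown or expired key: nothing to trust
        return None
    return data


def destroy_session(cookie_header):
    """Logout: delete the server-side row so the old cookie stops working."""
    SESSION_TABLE.pop(_key_from(cookie_header), None)
```

A forged or expired key yields no data because the lookup happens entirely on the server; the browser never holds the user information itself.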
IV. csrf_token

Cross-site request forgery: to keep other sites from using the user's session information to obtain information, data submitted by POST needs to use {% csrf_token %}. For an AJAX submission, you can use the following method:

    $.ajax({
        url: "/icbc.html",
        type: "POST",
        data: {'k1': 'v1', 'k2': 'v2', 'csrfmiddlewaretoken': "{{ csrf_token }}"},
        success: function (arg) {
            console.log(arg)
        }
    })
This article is from the "Linux Technology" blog; be sure to keep this source: http://haoyonghui.blog.51cto.com/4278020/1962423
Django session, paging, database learning