Relationship between user authentication and session in Django

Source: Internet
Author: User

Session

Session data is stored in the database. It is identified by a cookie on the client, which serves as a ticket. The name of this cookie, which is "sessionid" by default, can be changed through settings.SESSION_COOKIE_NAME.

The value of the sessionid cookie is the session_key attribute of the session on the server side. It is also used as the primary key in the django_session database table.

Session implementation involves the following main classes:

1. Session and SessionManager

These two are the session model and its corresponding manager. They are responsible for:

(1) Persistence operations between sessions and the database
(2) The session_key generation mechanism
(3) Serialization/deserialization of the session content (a dictionary)

In actual applications, we do not use these two classes directly.

2. SessionWrapper

It provides a dictionary-like interface to the session, such as setting and getting values. This class is the actual type of the request.session object.

3. SessionMiddleware

One of Django's built-in middleware classes. It attaches the session attribute to the request and, when responding to the request, saves the session and sends the cookie to the client as appropriate.


Several configurable parameters of the session:

settings.SESSION_SAVE_EVERY_REQUEST
settings.SESSION_EXPIRE_AT_BROWSER_CLOSE
settings.SESSION_COOKIE_AGE
settings.SESSION_COOKIE_SECURE
settings.SESSION_COOKIE_DOMAIN
settings.SESSION_COOKIE_NAME


User

The user object stored in request.user is lazily loaded and cached.

User authentication process:

1. First, use the authenticate() method to verify the supplied user name, password, and other information. If verification succeeds, the corresponding user object is returned. This method also marks the user object by attaching a user.backend attribute, which records the configured backend that passed the verification. There is only one backend, django.contrib.auth.backends.ModelBackend.

2. Call the login method
If authentication passed in the previous step, this method simply adds two key values to request.session:
(1) "_auth_user_id": user.id
(2) "_auth_user_backend": user.backend

The request.user attribute is also implemented through middleware, which calls a get_user method. This method tries to read the user.id and user.backend recorded in the session above, and then asks the backend to look up the user with that id. If none is found, an AnonymousUser is returned. AnonymousUser is an empty implementation and has none of the functions of a user.

You can use is_anonymous() or is_authenticated() to determine whether the user is an anonymous user.
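
The flow above, modelled in plain Python as an added example (it is not Django's own code and imports nothing from Django). The function and key names follow the page; the in-memory user table, the sample account and the hashing parameters are constructed assumptions.

```python
# Added model of the flow on this page; pure Python, not Django's own code.
import hashlib, secrets

SESSION_KEY, BACKEND_KEY = "_auth_user_id", "_auth_user_backend"
BACKEND_PATH = "django.contrib.auth.backends.ModelBackend"

def _hash(pw):  # constructed salt and iteration count, for the model only
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), b"constructed-salt", 10_000)

class User:
    def __init__(self, id, username, pw_hash):
        self.id, self.username, self.pw_hash = id, username, pw_hash
    def is_authenticated(self):
        return True

class AnonymousUser:  # empty implementation returned when no user is found
    def is_authenticated(self):
        return False

class ModelBackend:
    users = {1: User(1, "alice", _hash("s3cret"))}  # constructed sample account
    def authenticate(self, username, password):
        for u in self.users.values():
            if u.username == username and secrets.compare_digest(u.pw_hash, _hash(password)):
                return u
        return None
    def get_user(self, user_id):
        return self.users.get(user_id)

BACKENDS = {BACKEND_PATH: ModelBackend()}

def authenticate(username, password):
    for path, backend in BACKENDS.items():
        user = backend.authenticate(username, password)
        if user is not None:
            user.backend = path  # mark which backend verified the user
            return user
    return None

def login(session, user):
    session[SESSION_KEY] = user.id       # the only two values auth keeps
    session[BACKEND_KEY] = user.backend  # in the session

def get_user(session):  # what the middleware calls to build request.user
    backend = BACKENDS.get(session.get(BACKEND_KEY))
    user = backend.get_user(session.get(SESSION_KEY)) if backend else None
    return user or AnonymousUser()
```

Because the session carries only the user id and backend path, whoever presents the matching sessionid cookie is resolved to that user on every request, which is why settings such as SESSION_COOKIE_SECURE and SESSION_COOKIE_AGE matter.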


Summary

In Django, the user has little to do with the session; it only uses the session to save the values of user.id and user.backend.
