Django默认状态保持方法
定义在django-contrib-auth-__init__.py中
def login(request, user, backend=None):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
session_auth_hash = ''
if user is None:
user = request.user
if hasattr(user, 'get_session_auth_hash'):
session_auth_hash = user.get_session_auth_hash()
if SESSION_KEY in request.session:
if _get_user_session_key(request) != user.pk or (
session_auth_hash and
not constant_time_compare(request.session.get(HASH_SESSION_KEY, ''), session_auth_hash)):
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
try:
backend = backend or user.backend
except AttributeError:
backends = _get_backends(return_tuples=True)
if len(backends) == 1:
_, backend = backends[0]
else:
raise ValueError(
'You have multiple authentication backends configured and '
'therefore must provide the `backend` argument or set the '
'`backend` attribute on the user.'
)
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.session[BACKEND_SESSION_KEY] = backend
request.session[HASH_SESSION_KEY] = session_auth_hash
if hasattr(request, 'user'):
request.user = user
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)
尤其关注:
request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
request.session[BACKEND_SESSION_KEY] = backend
request.session[HASH_SESSION_KEY] = session_auth_hash
一下测试的预期是:前端通过POST请求传来合法的用户注册信息,完成注册后,重定向到主页并保持登陆状态。
(1) session数据保存在redis数据库
# 配置Redis数据库(分库)
CACHES = {
# 默认
"default": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": "redis://192.168.18.9:6379/0",
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
}
},
# session
"session": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": "redis://192.168.18.9:6379/1",
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
}
},
# 验证码
"verify_code": {
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": "redis://192.168.18.9:6379/2",
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
}
},
}
SESSION_ENGINE = "django.contrib.sessions.backends.cache"
SESSION_CACHE_ALIAS = "session"
(2) 后端接收到POST请求中合法的用户注册信息
(3) 断点打在
login(request, user)
执行该方法前,redis数据库还没有存入session记录
(4) 断点处Step Over以后
redis数据库出现session记录
断点后继续执行程序,重定向到主页后,发现浏览器cookie中出现对应的sessionid