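Session initialization, saving, deletion, and validation
Preface
This applies to projects that need to verify that a user is legitimate. If no user authentication is involved, the system does not store the session in the database.
Environment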
- python 3.7.5
- django 2.2.7
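Session initialization (the SessionMiddleware middleware)
django.contrib.sessions.middleware.SessionMiddleware is the middleware Django uses to handle sessions. It is responsible for initializing the session and for saving and updating it. The file sessions\middleware.py is short, just over 70 lines, and worth reading.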
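from importlib import import_module

from django.conf import settings
from django.utils.deprecation import MiddlewareMixin


class SessionMiddleware(MiddlewareMixin):
    # Initialize the middleware and select the session engine.
    # The default is django.contrib.sessions.backends.db.SessionStore
    def __init__(self, get_response=None):
        self.get_response = get_response
        engine = import_module(settings.SESSION_ENGINE)
        self.SessionStore = engine.SessionStore

    # Initialize the session from the sessionid value in the cookie; at this
    # point the session is not yet associated with any data in the database.
    # settings.SESSION_COOKIE_NAME is the string 'sessionid'
    def process_request(self, request):
        session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME)
        request.session = self.SessionStore(session_key)

    # Insert or update the session in the database
    def process_response(self, request, response):
        ...  # omitted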
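Session validation (the AuthenticationMiddleware middleware)
The database data corresponding to the session
django.contrib.auth.middleware.AuthenticationMiddleware is responsible for finding the logged-in user from request.session. Let's walk through how it does that, step by step.
First, the middleware code in auth\middleware.py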
from django.conf import settings
from django.contrib import auth
from django.utils.deprecation import MiddlewareMixin
from django.utils.functional import SimpleLazyObject


def get_user(request):
    # Resolve the user once per request and cache it on the request object
    if not hasattr(request, '_cached_user'):
        request._cached_user = auth.get_user(request)
    return request._cached_user


class AuthenticationMiddleware(MiddlewareMixin):
    def process_request(self, request):
        assert hasattr(request, 'session'), (
            "The Django authentication middleware requires session middleware "
            "to be installed. Edit your MIDDLEWARE%s setting to insert "
            "'django.contrib.sessions.middleware.SessionMiddleware' before "
            "'django.contrib.auth.middleware.AuthenticationMiddleware'."
        ) % ("_CLASSES" if settings.MIDDLEWARE is None else "")
        # The lookup is deferred until request.user is first accessed
        request.user = SimpleLazyObject(lambda: get_user(request))
The following line retrieves the currently logged-in user
from django.contrib import auth
request._cached_user = auth.get_user(request)
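A simplified model of the two middlewares described above, added here as an example (it is not Django's code and not from the original post). It shows that the session store is only read when request.user is first accessed, and that a session naming a backend outside AUTHENTICATION_BACKENDS resolves to the anonymous user, the same check get_user in auth\__init__.py performs. SESSION_DB, USERS, handle, the session keys and the backend paths are constructed for illustration.

```python
# Simplified model of the flow above; constructed data, not Django's code.
SESSION_DB = {"abc123": {"_auth_user_id": "7",            # constructed rows
                         "_auth_user_backend": "app.backends.ModelBackend"},
              "stale01": {"_auth_user_id": "7",
                          "_auth_user_backend": "app.backends.RemovedBackend"}}
USERS = {"7": "alice"}
AUTHENTICATION_BACKENDS = ["app.backends.ModelBackend"]   # configured allowlist
ANONYMOUS = "AnonymousUser"


class SessionStore:
    """Holds only the key until data is first read (lazy load)."""
    db_reads = 0

    def __init__(self, session_key=None):
        self.session_key = session_key
        self._cache = None

    def __getitem__(self, name):
        if self._cache is None:                 # first access hits the store
            SessionStore.db_reads += 1
            self._cache = dict(SESSION_DB.get(self.session_key, {}))
        return self._cache[name]                # KeyError if absent


class Request:
    def __init__(self, cookies):
        self.COOKIES = cookies

    @property
    def user(self):                             # stands in for SimpleLazyObject
        if not hasattr(self, "_cached_user"):
            self._cached_user = get_user(self)
        return self._cached_user


def get_user(request):
    try:
        user_id = request.session["_auth_user_id"]
        backend_path = request.session["_auth_user_backend"]
    except KeyError:
        return ANONYMOUS                        # no cookie or unknown session
    if backend_path not in AUTHENTICATION_BACKENDS:
        return ANONYMOUS                        # backend no longer configured
    return USERS.get(user_id, ANONYMOUS)


def handle(cookies):
    """Model of process_request for both middlewares, in MIDDLEWARE order."""
    request = Request(cookies)
    request.session = SessionStore(cookies.get("sessionid"))
    return request
```
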
Continuing further down, into
auth\__init__.py
def get_user(request):
    """
    Return the user model instance associated with the given request session.
    If no user is retrieved, return an instance of `AnonymousUser`.
    """
    from .models import AnonymousUser
    user = None
    try:
        user_id = _get_user_session_key(request)
        # BACKEND_SESSION_KEY = '_auth_user_backend'
        backend_path = request.session[BACKEND_SESSION_KEY]
    except KeyError:
        pass
    else:
        if backend_path in settings.AUTHENTICATION_BACKENDS:
            backend = load_backend