The request object only exposes the cookies sent by the client. To set a cookie on the client, build a response object and call its set_cookie method.
I. Cookies
1. Getting a cookie
request.COOKIES['key']
request.COOKIES.get('key')
# Signed cookie: the value was signed when it was set (signing detects tampering; it does not encrypt the value)
request.get_signed_cookie(key, default=RAISE_ERROR, salt='', max_age=None)
2. Setting a cookie
rep = HttpResponse(...)
rep = render(request, ...)
rep = redirect( ...)
rep.set_cookie(key,value,...)
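rep.set_signed_cookie(key,value,salt='加密盐', max_age=None, ...) # signed cookie; salt is the signing salt
Parameters:
max_age=None, timeout (lifetime in seconds)
expires=None, timeout (absolute expiry time)
path='/', the path the cookie applies to; / is the root path. Special case: a cookie on the root path is sent to pages at any URL
domain=None, the domain the cookie applies to
secure=False, send the cookie over HTTPS only
httponly=False sent over HTTP only and not readable from JavaScript (not absolute: it can still be captured by sniffing traffic at a lower level, and it can be overwritten)
3. Deleting a cookie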
rep.delete_cookie(key)
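4. Using a cookie to redirect back to the original page after login
When the @login_required decorator is used, the redirect to the login page carries a next parameter.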
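from django.contrib import auth
from django.shortcuts import redirect, render
from django.utils.http import url_has_allowed_host_and_scheme

def login(request):
    if request.method == 'POST':
        username = request.POST.get('username')
        password = request.POST.get('password')
        user = None
        if username and password:
            user = auth.authenticate(request, username=username, password=password)
        if user and user.is_active:
            auth.login(request, user)
            # The cookie is client-controlled: only follow it if it stays on this host
            next_url = request.COOKIES.get("next_url", "/")
            if not url_has_allowed_host_and_scheme(next_url, allowed_hosts={request.get_host()}):
                next_url = "/"
            resp = redirect(next_url)
            # Login succeeded, so delete the corresponding cookie
            resp.delete_cookie("next_url")
            return resp
        # Missing or wrong credentials: show the form again with an error message
        return render(request, 'registration/login.html', {'msg': '用户名或密码错误'})
    else:
        response = render(request, 'registration/login.html')
        next_url = request.GET.get("next", "/")
        # max_age and expires default to None, which makes this a temporary cookie:
        # it lives only in browser memory and is deleted when the browser closes
        response.set_cookie("next_url", next_url)
        return response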
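Both the next query parameter and the next_url cookie are supplied by the client, so the redirect target has to be checked before it is followed. The block below is an added example, not code from the original post: a standard-library-only check of the kind Django's django.utils.http.url_has_allowed_host_and_scheme performs (use that helper in a real project). The names is_safe_next_url and safe_redirect_target and the host shop.example are assumptions.

```python
# Added example: names and sample hosts are assumptions, not from the post.
import unicodedata
from urllib.parse import urlsplit


def _host_and_scheme_ok(url, allowed_hosts, require_https):
    # Browsers read "///host" like "//host", i.e. as another site
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # A scheme without a host ("javascript:...", "http:///x") is never a safe target
    if parts.scheme and not parts.netloc:
        return False
    # A leading control character can hide the real start of the URL
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = parts.scheme
    if not scheme and parts.netloc:
        scheme = "http"  # "//host/path" inherits the page's scheme
    valid_schemes = ["https"] if require_https else ["http", "https"]
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    return host_ok and (not scheme or scheme in valid_schemes)


def is_safe_next_url(url, allowed_hosts, require_https=False):
    """True only for a relative path or a URL on one of allowed_hosts."""
    if not url or not url.strip():
        return False
    url = url.strip()
    # Browsers treat "\" like "/", so the URL must pass in both spellings
    return (_host_and_scheme_ok(url, allowed_hosts, require_https)
            and _host_and_scheme_ok(url.replace("\\", "/"), allowed_hosts, require_https))


def safe_redirect_target(url, allowed_hosts, default="/"):
    """Return url if it stays on this site, otherwise the default page."""
    return url if is_safe_next_url(url, allowed_hosts) else default


if __name__ == "__main__":
    # Constructed sample values for the next_url cookie
    for candidate in ["/orders/42/", "https://evil.example/login",
                      "//evil.example/x", "/\\evil.example", "javascript:alert(1)"]:
        print(repr(candidate), "->", safe_redirect_target(candidate, {"shop.example"}))
```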
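II. Sessions
- Create a session value
request.session['KEY'] = VALUE
- Read a value
value = request.session['KEY']
- Delete a value
del request.session['KEY']
- Configuration in settings.py
By default Django stores sessions in the database, so they do not disappear when the browser is closed.
They are kept for about 2 weeks; this can be changed in the settings.
# 1. How long the session is kept in the cookie, in seconds
SESSION_COOKIE_AGE = 60*30
# 2. Expire the session when the browser is closed
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
Reference: https://www.cnblogs.com/hnlmy/p/10617703.html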