Python Django简单实现session登录注销过程详解

urlpatterns = [
 path('admin/', admin.site.urls),
 path('app01/', include('app01.urls'))
]

urlpatterns = [
 path('login/', views.login),
 path('index/', views.index),
]

# Create your views here.
from django.shortcuts import HttpResponse, render, redirect
def login(request):
 if request.method == 'GET':
  return render(request, 'login.html')
 elif request.method == 'POST':
  user = request.POST.get('username')
  pwd = request.POST.get('pwd')
  if user == 'song' and pwd == '123':
   # 往session里写入数据的时候，Django会自动生成随机码，发送给cookie，然后自己保留一份跟cookie一一对应
   request.session['username'] = user
   request.session['is_login'] = True
   #设置session（同时对应的cookie）超时时间，按秒计算
   request.session.set_expiry(60)
   # 路径已经要写全，把/app01带上，以前好像不带是可以的
   return redirect('/app01/index/')
  else:
   return render(request, 'login.html')
def index(request):
 # 拿到cookie对应的随机码，来查找session里的is_login字段是否True，如果通过则表示通过
 if request.session.get('is_login', None):
  return render(request, 'index.html')
 else:
  return HttpResponse('滚')
def logout(request):
 # 清除当前对应session所有数据
 request.session.clear()
 # 路径已经要写全，把/app01带上，以前好像不带是可以的
 return redirect('/app01/login')

<!DOCTYPE html>
<html lang="en">
<head>
 <meta charset="UTF-8">
 <title>Title</title>
</head>
<body>
 <div>
  <form action="/app01/login/" method="post">
   <input type="text" name="username">
   <input type="password" name="pwd">
   <input type="submit" value="提交">
  </form>
 </div>
</body>
</html>

<!DOCTYPE html>
<html lang="en">
<head>
 <meta charset="UTF-8">
 <title>Title</title>
</head>
<body>
 <h1>登录成功</h1>
 <div>
  <a href="/app01/logout/" rel="external nofollow" rel="external nofollow" >注销</a>
 </div>
</body>
</html>

python manage.py makemigrations
python manage.py migrate

from django.db import models
# Create your models here.
class UserInfo(models.Model):
 username = models.CharField(max_length=16)
 password = models.CharField(max_length=32)

from django.contrib import admin
from django.urls import path,include
from app01 import views
from django.conf.urls import url
urlpatterns = [
 # path('login/', views.login),
 path('index/', views.index),
 # path('logout/', views.logout),
 # path('fm/', views.fm),
 path('aa/', views.aa),
 path('select/', views.select),
]

# Create your views here.
from django.shortcuts import HttpResponse, render, redirect
from django.views.decorators.csrf import csrf_exempt,csrf_protect
from app01 import models
from functools import wraps
#做session验证的的装饰器，
def checklogin(func):
 @wraps(func)
 def wrapper(request,*args,**kwargs):
  if request.session.get('is_login') == '1':
   return func(request,*args,**kwargs)
  else:
   return redirect('/app01/aa')
 return wrapper

def aa(requrst):
 if requrst.method == 'GET':
  print('get')
  return render(requrst, 'aa.html')
 elif requrst.method == 'POST':
  username = requrst.POST.get('username')
  pwd = requrst.POST.get('password')
  user = models.UserInfo.objects.filter(username=username,password=pwd)
  # print(type(pwd))
  # print(models.UserInfo.objects.filter(username=username).values('password'))
  if user:
   #如果输入的账户名跟数据库中的账户名密码相匹配就忘session信息里写入一条is_login的数据
   #同时随机生成的字符串ID也写到cookie里当做sessionid使用
   requrst.session['is_login'] = '1'
   return redirect('/app01/index')
  return redirect('/app01/aa')

#在访问页面的时候先做验证，拿自己的cookie里的sessionid去跟服务器端的session_key做对比
#对比认证通过就允许访问
@checklogin
def index(request):
 return render(request,'index.html')

<!DOCTYPE html>
<html lang="en">
<head>
 <meta charset="UTF-8">
 <title>aa</title>
</head>
<body>
 <h1>aa页面</h1>
 <form action="/app01/aa/" method="POST">
 {% csrf_token %}
  <p>用户名：
 <input type="text" name="username">
  </p>
  <p>密码：
 <input type="password" name="password">
  </p>
  <input type="submit" value="提交">
 </form>
</body>
</html>

<!DOCTYPE html>
<html lang="en">
<head>
 <meta charset="UTF-8">
 <title>Title</title>
</head>
<body>
 <h1>登录成功</h1>
 <div>
  <a href="/app01/logout/" rel="external nofollow" rel="external nofollow" >注销</a>
 </div>
</body>
</html>