Session简介
1. cookie引入session:
cookie看似解决了HTTP(短连接、无状态)的会话保持问题,但把全部用户数据保存在客户端,存在安全隐患。
2. cookie+session
把关于用户的数据保存在服务端,在客户端cookie里加一个sessionID(随机字符串)
基于以上原因:cookie+session组合就此取代了单单使用cookie做会话保持的方式;单独使用cookie的方式只适合用来存储非敏感信息;
3. cookie+session的工作流程:
(1)、当用户来访问服务端时,服务端生成一个随机字符串;
(2)、当用户登录成功后,把 {sessionID :随机字符串} 组织成键值对 加到 cookie里发送给用户;
(3)、服务器以已发送给客户端的cookie中的随机字符串做键,用户信息做值,在服务端保存用户信息;
4. 保存在服务端session数据格式
session_key SessionStore()
{
session_key 数据字典
sessionid1: {id:1,nam:"alex",account:1000000000 },
sessionid2: {id:1,nam:"eric",account:10}
}
5、 Session存储引擎
# In settings.py. The SESSION_ENGINE values below are alternatives listed for
# comparison; a real settings file keeps exactly one of them.
# Database backend (the default): session data is kept server-side in the database.
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
# Cache backend (memory).
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
# Can hold custom objects; data kept in memory is not JSON-serialized.
# The data is lost when the server restarts.
# Cache + database (two layers).
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
# The cache is fast, the database is slow.
# Writes go to the cache first and then to the database.
# Reads try the cache first and then the database; a value found in the
# database is put back into the cache.
# File backend.
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
# Session files are written to the directory the process was started from.
# NOTE(review): prefer a dedicated directory outside the web root that only
# the server account can read and write.
SESSION_FILE_PATH = os.getcwd()
# Signed-cookie backend: the session data itself is stored in the browser cookie.
SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
# The payload is SIGNED with SECRET_KEY, not encrypted: the client cannot
# tamper with it undetected, but can read every value. Keep secrets out of the
# session with this backend, and protect SECRET_KEY, since anyone holding it
# can forge session contents.
# Whatever the backend, SESSION_COOKIE_SECURE and SESSION_COOKIE_HTTPONLY
# keep the cookie off plain HTTP and away from page scripts.
准备工作
# settings.py: the two demo apps ('cookie' and 'session') are registered
# after the contrib apps; 'django.contrib.sessions' supplies the session
# framework used in the rest of the page.
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'cookie',
    'session',
]

# Project-level URL configuration (presumably the project's urls.py): requests
# under /cookie/ and /session/ are handed to each app's own urls module.
urlpatterns = [
    url(r'^admin/', admin.site.urls),
    url(r'^cookie/', include('cookie.urls')),
    url(r'^session/', include('session.urls')),
]

# URL configuration of the session app (presumably session/urls.py).
from django.conf.urls import url, include
import views

urlpatterns = [
    url(r'^test1/', views.session_set1),
]

Views.py
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.http import HttpResponse
from django.shortcuts import render
# Create your views here.
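def session_set1(request):
    """Store a demo value in the current session and confirm it.

    ``request.session`` is the session object Django attaches to the request
    (a ``SessionStore``). The commented-out calls show the other operations
    covered by this tutorial; only the assignment is live, so the value is
    still present when the session is read back later.
    """
    # Write a key. Django's session middleware persists the change while it
    # processes the response and sets the sessionid cookie.
    request.session['user'] = 'zhangsn'

    # Expiry in seconds (10 minutes here).
    # request.session.set_expiry(10 * 60)

    # Remove one key, or every key, from the session data. The session record
    # and the sessionid cookie are kept.
    # del request.session['user']
    # request.session.clear()

    # Delete the stored session record and the sessionid cookie; this is the
    # call to use on logout. It was live in the original listing, which threw
    # away the value written above before the "saved" response was returned.
    # request.session.flush()

    # Read the current session id.
    # print(request.session.session_key)

    return HttpResponse('保存成功!')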
启动服务器,会出现下列错误

由于没有models对象,所以直接执行命令就可以解决问题
python manage.py migrate
浏览器输入URL测试
http://127.0.0.1:8000/session/test1/

我们来查看下浏览器中cookie是否有sessionid的值

图解cookie+session的工作流程:

相关代码
# Routes of the session demo app: test1 writes to the session, test2 reads it.
urlpatterns = [
    url(r'^test1/', views.session_set1),
    url(r'^test2/', views.session_get1),
]

# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.http import HttpResponse
from django.shortcuts import render
# Create your views here.
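def session_set1(request):
    """Store a demo value in the current session and confirm it.

    ``request.session`` is the session object Django attaches to the request
    (a ``SessionStore``). The commented-out calls show the other operations
    covered by this tutorial; only the assignment is live, so that
    ``session_get1`` can read the value back on the next request.
    """
    # Write a key. Django's session middleware persists the change while it
    # processes the response and sets the sessionid cookie.
    request.session['user'] = 'zhangsn'

    # Expiry in seconds (10 minutes here).
    # request.session.set_expiry(10 * 60)

    # Remove one key, or every key, from the session data. The session record
    # and the sessionid cookie are kept.
    # del request.session['user']
    # request.session.clear()

    # Delete the stored session record and the sessionid cookie; this is the
    # call to use on logout. It was live in the original listing, which threw
    # away the value written above before the "saved" response was returned.
    # request.session.flush()

    # Read the current session id.
    # print(request.session.session_key)

    return HttpResponse('保存成功!')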
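def session_get1(request):
    """Return the ``user`` value stored in the session as a short text reply.

    A request that carries no session, or a session without a ``user`` key,
    gets ``datas:None`` instead of an unhandled ``KeyError``.
    """
    # .get() rather than ['user']: the key is absent for first-time visitors
    # and after the session has been flushed or has expired.
    user = request.session.get('user')
    # The value is written by the server in this demo. If it ever comes from
    # user input, escape it before placing it in an HTML response.
    return HttpResponse('datas:%s' % user)

Session应用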
相关代码
# Routes of the session demo app, now with the login form (sessionlogin/)
# and the page shown after login (usercenter/).
urlpatterns = [
    url(r'^test1/', views.session_set1),
    url(r'^test2/', views.session_get1),
    url(r'^sessionlogin/$', views.sessionlogin_view),
    url(r'^usercenter/$', views.center_view),
]


class User(object):
    """Plain holder for the demo login name and password.

    NOTE(review): every attribute, ``pwd`` included, is written to the session
    store when an instance is serialized with jsonpickle, as the login view on
    this page does. The ``Tea`` class further down the page leaves the
    password out through ``__getstate__``.
    """

    def __init__(self, uname, pwd):
        self.uname = uname
        # Kept as the plaintext string received from the form.
        self.pwd = pwd
import jsonpickle
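def sessionlogin_view(request):
    """Render the login form on GET and check the demo credentials on POST.

    On success a ``User`` object is serialized with jsonpickle into
    ``request.session['user']`` and the browser is redirected to the user
    centre. Any other POST gets the failure message.
    """
    # NOTE(review): HttpResponseRedirect has to be imported from django.http;
    # the import lines shown earlier on the page only bring in HttpResponse.
    if request.method == 'GET':
        return render(request, 'login_session.html')

    uname = request.POST.get('uname', '')
    pwd = request.POST.get('pwd', '')

    # Demo-only check against one hard-coded account. Production code should
    # verify a stored password hash, e.g. via django.contrib.auth.authenticate().
    if uname == 'zhangsan' and pwd == '123':
        # Issue a fresh session id at the moment of login so that an id handed
        # out (or planted) before authentication is not carried into the
        # authenticated session (session fixation). Existing data is kept.
        request.session.cycle_key()

        user = User(uname, pwd)
        # NOTE(review): this serializes the whole object, plaintext password
        # included, into the session store. Store only what later views need;
        # the Tea example further down the page drops pwd via __getstate__.
        request.session['user'] = jsonpickle.dumps(user)
        # request.session['user'] = jsonpickle.encode(user)
        return HttpResponseRedirect('/session/usercenter/')

    return HttpResponse('登录失败')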
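def center_view(request):
    """Greet the logged-in user from the object stored in the session.

    A visitor whose session has no ``user`` entry is redirected to the login
    form instead of causing an unhandled ``KeyError``.
    """
    serialized = request.session.get('user')
    if not serialized:
        # Not logged in (or the session expired): send the visitor to the form.
        return HttpResponseRedirect('/session/sessionlogin/')

    # SECURITY: jsonpickle.loads() can rebuild arbitrary Python objects, so it
    # must only ever be given data the server wrote itself. That holds for
    # the server-side session backends; with the signed_cookies backend the
    # payload lives in the browser and is protected only by SECRET_KEY.
    # Storing plain values (e.g. the user name) avoids the question entirely.
    user = jsonpickle.loads(serialized)
    # user = jsonpickle.decode(request.session['user'])

    # NOTE(review): the reply echoes the password to show that the whole
    # object survived the round trip. Demo only; never render credentials.
    return HttpResponse('欢迎%s登录成功,密码:%s!' % (user.uname, user.pwd))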
输入http://127.0.0.1:8000/session/sessionlogin/
测试结果如下

Jsonpickle序列化与反序列化
# Routes of the session demo app, extended with the two jsonpickle views:
# one stores a serialized object in the session, the other restores it.
urlpatterns = [
    url(r'^test1/', views.session_set1),
    url(r'^test2/', views.session_get1),
    url(r'^sessionlogin/$', views.sessionlogin_view),
    url(r'^usercenter/$', views.center_view),
    url(r'^jsonpickle_session_set/$', views.jsonpickle_session_set),
    url(r'^jsonpickle_session_get/$', views.jsonpickle_session_get),
]
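class Tea(object):
    """Demo account object whose password is left out when it is serialized."""

    def __init__(self, tname, pwd):
        self.tname = tname
        self.pwd = pwd

    def __getstate__(self):
        """Return a copy of the instance state without the ``pwd`` entry.

        Serializers that honour ``__getstate__`` store this dictionary instead
        of ``__dict__``, so the password never reaches the session store. The
        live instance keeps its ``pwd`` attribute.
        """
        state = self.__dict__.copy()
        # pop() rather than del: an instance rebuilt from such a state has no
        # ``pwd`` attribute, and serializing it again must not raise KeyError.
        state.pop('pwd', None)
        return state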
def jsonpickle_session_set(request):
    """Show the form on GET; on POST serialize a ``Tea`` into the session.

    The posted name and password are compared with the demo account. On a
    match the ``Tea`` object is serialized with jsonpickle, printed, and
    stored under ``request.session['tea']``.
    """
    if request.method == 'GET':
        return render(request, 'jsonpickle_login.html')

    tname = request.POST.get('tname', '')
    pwd = request.POST.get('pwd', '')
    if not (tname == 'zhangsan' and pwd == '123'):
        return HttpResponse('jsonpickle序列化失败')

    tea = Tea(tname, pwd)
    # Sample output recorded in the original listing, for encode() and
    # dumps() alike:
    # {"pwd": "123", "py/object": "session.views.Tea", "tname": "zhangsan"}
    # ustr = jsonpickle.encode(user)
    # NOTE(review): that sample still shows "pwd"; with Tea.__getstate__
    # removing it, the string should carry only py/object and tname. Verify
    # against real output before relying on it.
    tstr = jsonpickle.dumps(tea)
    # Goes to the server console; keep credentials out of anything printed.
    print(tstr)
    request.session['tea'] = tstr
    return HttpResponse('jsonpickle序列化成功')
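def jsonpickle_session_get(request):
    """Rebuild the ``Tea`` object stored in the session and show its name.

    When the session holds no ``tea`` entry a failure message is returned
    instead of handing an empty string to jsonpickle.
    """
    tea = request.session.get('tea', '')
    if not tea:
        # Nothing was stored for this session. The original passed the ''
        # default on to jsonpickle.loads(), which cannot yield a Tea object.
        return HttpResponse('jsonpickle反序列化失败')

    # Sample output recorded in the original listing (from an earlier demo):
    # <demo5.views.User object at 0x0000000003D48588>
    # uuser = jsonpickle.decode(user)
    # <demo5.views.User object at 0x0000000003D1A0F0>
    # SECURITY: jsonpickle.loads() can rebuild arbitrary Python objects, so it
    # must only be given data the server wrote itself. With the signed_cookies
    # backend the payload is held by the browser and guarded only by SECRET_KEY.
    ttea = jsonpickle.loads(tea)
    print(ttea)
    # Only tname is available: Tea.__getstate__ left pwd out of the stored
    # state, which is why the variant below stays commented out.
    return HttpResponse('Tea:%s' % (ttea.tname))
    # return HttpResponse('Tea:%s:%s' % (ttea.tname, ttea.pwd))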

over......