django新手村9-----登入

简单说cookie,session

cookie的好处，给使用者更好的使用者体验，减少服务器负担(存在於client端的浏览器)
缺点是有安全问题，且无法存入大量资料
ex:一些广告会再第一次跳进去的时候弹出，关闭时cookie就会记录

session大概和cookie相反，安全度较高，可以储存大量资料(资料库)，session会和cookie搭配使用
ex:用户名称

我又再创了一个app，setting,model那些我就不再一一做了

先贴程序码，再来讲

views.py

from django.shortcuts import render, redirect
from django.http import HttpResponse, JsonResponse
from django.urls import reverse
from django.views.decorators.csrf import csrf_exempt
from three.models import Person
import time

# Create your views here.
def login(request):
    if request.session.get('username'):
        return redirect(reverse('three:mine'))

    return render(request, 'three/login.html')

def do_login(request):
    username = request.POST.get('username')
    password = request.POST.get('password')

    person = Person.objects.filter(name=username).filter(password=password)
    person = person.first()

    if person:
        response = HttpResponse('set cookie')
        response.set_cookie('token', person.token)
        request.session['username'] = username
        return redirect(reverse('three:mine'))

    return redirect(reverse('three:login'))

def mine(request):

    username = request.session.get('username')
    if username is None:
        return redirect(reverse('three:login'))
    token = request.COOKIES.get('token')
    person = Person.objects.get(token=token)

    return render(request, 'three/mine.html', context={'username': username})

def logout(request):
    response = redirect(reverse('three:login'))
    request.session.flush()
    return response

def register(request):
    return render(request, 'three/register.html')

@csrf_exempt
def do_register(request):
    person = Person()

    username = request.POST.get('username')
    password = request.POST.get('password')

    person.name = username
    person.password = password
    person.token = generate_token(username)

    person.save()
    return redirect(reverse('three:login'))

def generate_token(name):
    return name + str(time.ctime())

urls.py

from django.contrib import admin
from django.urls import path, re_path
from three import views

urlpatterns = [

    path('login/', views.login, name='login'),
    path('do_login/', views.do_login, name='dologin'),
    path('mine/', views.mine, name='mine'),
    path('logout/', views.logout, name='logout'),
    path('register/', views.register, name='register'),
    path('do_register/', views.do_register, name='doregister'),

]

login.html

<form action="{% url 'three:dologin'%}" method="post">
       {% csrf_token %}
        <span>username: <input type="text" name="username"></span>
        <br>
        <span>password: <input type='password' name="password"></span>
        <br>
        <button>submit</button>        
        
    </form>
    <a href="{% url 'three:register'%}">register</a>

没贴的部分应该也很好打出来，可以试者打

判断是否已经登入，已经登入就跳到mine.html
login

利用post的方式取得使用者输入的资料，根据输入判断是否正确，正确就设置seesion，不正确返回login
do_login

判断session是否存在，是就显示mine.html的画面，不是就回到login
mine

清空session，重新导向到login
logout

register应该没什麽好讲的

@csrf_exempt 让你再post请求时不会因为csrf而挡住，也可以写在html就像login.html一样(exempt:豁免)
do_register

token 这边就不细说，session很cookie就很好用了，token通常用在手机