Shulou(Shulou.com)06/03 Report--

Today, I will talk to you about the setting of Cookie and how to deal with cross-domain problems in Django. Many people may not know much about it. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

What is Cookie (translation: cookies)

Cookie is a piece of plain text information (simply browser cache) stored in the browser, which is used to record the usage of the user and store it in the local device. When the user accesses the server, the Cookie is attached. The server maintains the session state between the user and the server by reading the Cookie record.

How did Cookie get here?

Cookie is generated by the server and is usually presented in the format of key-value pairs (the key value is defined by the server-side developer). When a user accesses the server through a browser, the server will pass Cookie to the browser when returning data (it is recommended not to store sensitive information, as the browser may be used by multiple users).

Why use Cookie?

Cookie is set by the HTTP server, while the HTTP protocol is a stateless protocol. The browser communicates with the server using Socket sockets. When the server returns the result of the request to the browser, it will close the current Socket connection and release resources, so each request for data needs to establish a new connection. The emergence of Cookie makes up for this shortcoming. When the browser sends a request to the server, it will submit all the Cookie information stored in the browser related to the website to the website server. The server uses the information in the Cookie to verify the user's identity and determine the HTTP transmission status, and returns the qualified data to the browser.

Characteristics of Cookie

Cookie is designed based on scope, that is, only the Cookie information under the current domain name can be accessed under the same domain name, but not the Cookie information of other domain names.

How to set up Cookie

Django can respond to the set_cookie of an object through HttpResponse and set the corresponding view and route. As long as the route is accessed through the browser, the browser will automatically obtain the set_cookie value and store it locally (it usually exists in memory when the browser is running, and it is usually stored in the hard disk when the browser is closed).

Common parameters of Cookie

When setting Cookie, you can define multiple parameters, which can be defined according to your own needs, at least with key and value, and others can be omitted by: response.set_cookie ('key', 'value').

Key: key

Value: valu

Max_age: how long will it expire? the time is seconds. The default is None. The temporary cookie setting will disappear when the browser is closed.

Expires: expiration time, specific time

Path: effective path. Default is'/'.

Domain: the domain name in effect, the domain name you bound

Secure:HTTPS should be set to true when transmitting. Default is false.

Httponly: the value is applied to the http transport and cannot be obtained by JavaScript

How to get Cookie

Django can read the Cookie through the COOKIES property of the HttpResponse request object by: request.COOKIES.get ('key'), so that we can directly get the previously set Cookie when the browser accesses the route.

Dealing with cross-domain problems in Cookie

Previously, we simply routed the request, so what would it be like to integrate it into the system? when I bring Cookie into the project (front and rear separation mode), we will find that the same code has never been able to get the cookie value. As mentioned earlier, Cookie is designed based on security domains, so cross-domain processing is not supported, so how do we implement cross-domain access? What we want to use here is "cross-domain resource sharing", a mechanism that allows browsers to gain access to resources specified by different source servers, through which Axios can return with Cookie when visiting the server.

First of all, axios needs to be able to obtain Cookie. For security reasons, the browser does not support obtaining cross-domain Cookie by default, so we need to modify the axios setting and set the withCredentials property to true, that is, allow the browser to set or obtain Cookie. The setting method is set globally directly in main.js, axios.defaults.withCredentials = true.

When the server receives the request, it will decide whether to agree to the request according to its own cross-domain rules. This rule should be given when setting Cookie for the request. Here, you mainly need to set Access-Control-Allow-Origin and Access-Control-Allow-Credentials attributes. Access-Control-Allow-Origin defaults to'*'. Here, you need to change the frontend ip,Access-Control-Allow-Credentials to true.

After reading the above, do you have any further understanding of Cookie settings in Django and how to deal with cross-domain problems? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.