Shulou(Shulou.com)06/03 Report--

This article mainly introduces how to use Cookie with Session in Django, which has a certain reference value. Interested friends can refer to it. I hope you can learn a lot after reading this article.

The role of Cookie

Earlier, we talked about Django practical 006:Cookie settings and cross-domain problem handling. Cookie can save user data on the browser. When users visit the server, they will submit the Cookie to the server. Cookie appends the current status, and the server can identify the user's login status through Cookie, which plays the role of simple user identification and user information recording.

The implementation process of Cookie login

1. Users submit their username and password through the form form, which is usually a HTTP request from POST.

two。 The server gets the user's information and starts to verify the user name and password. If it matches the database, we return 200 and throw a Set-Cookie to the browser in the form of 'key' = 'value'.

3. The browser receives the data and Cookie returned by the server response, and then saves the Cookie, which can be seen in the developer application.

4. When the browser sends the request again, it throws the Cookie with 'key' = 'value' to the server again. The server determines that the user has logged in through the field of Cookie, and then processes the user's request according to the demand, otherwise it returns 400 to prompt the user to log in first.

Security risks of Cookie

This is the implementation process of Cookie, and there is an obvious problem here is that as long as the server identifies the correct Cookie, it will process the corresponding data, so as long as the interested person tries to intercept (many HTTP client software can send arbitrary HTTP requests), your Cookie can impersonate the user to access the server and obtain all the user's information, which will pose great security risks to the user.

The introduction of Session

The function of session is similar to that of cookie, and it is also used to record user information and maintain session state, but session relies on cookie. Session is different from storing user data on the server side (the user gets the specific content in the session), while Cookie stores the data on the browser side, so session is much more secure than cookie. We only need to attach the id of session when we set Cookie, and throw the id of session to the server for verification when the user visits the server again.

Enabling of Session

It is very simple to use session in Django. Django encapsulates the session module, which is enabled by default when we create the project. You can find a database table called django_session in the database, which is used to store session data.

The use of Session

The settings save session data, and the specified stored session information is set by reques.session ['key'] = 'value'. The information of session settings can be stored in the django_session database table with base64 coding by accessing the view through the browser.

To read session data, it is also very simple to get the corresponding value through request.session.get ('key'), which can be read from the django_session database table.

Use Session with Cookie

Input sessionid as the storage value of the front end in cookie. In order to ensure the uniqueness of sessionid, my easiest way is to use uuid to generate a random string, then set the session value in sessionid, and then set an expiration time for set_cookie, so that as soon as time expires, a new sessionid will be generated again (you can also define it if you think uuid4 () will still repeat).

What you see on the browser side is a random string. When the user accesses the server, cookie throws the sessionid to the server. The server verifies whether the corresponding value of sessionid is the value of the corresponding key read in the django_session database table. If so, the data request operation is performed, otherwise 400 is returned to tell the front end that the operation failed.

Thank you for reading this article carefully. I hope the article "how to use Cookie with Session in Django" shared by the editor will be helpful to everyone. At the same time, I also hope you will support us and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.