使用login()会丢失会话数据
问题描述:
会话何时被创建和销毁? 在我的应用程序有使用login()会丢失会话数据
def app_login(request):
request.session.set_expiry(0)
if 'current_day' not in request.session:
request.session['current_day'] = Utilities.default_day()
再往我使用:
login(request, user)
如果我登录作为一个用户,这正常工作和“CURRENT_DAY”保留在会话。但是,如果我以该用户身份注销并以另一用户身份登录,则'current_day'会丢失,并且在调用login()后不会立即可用。
我认为
logout(request)
不会清除会话,而当第二个用户试图登录数据“current_'day”仍然可以在会话但调用登录信息(用户)可能会创建一个新的会议。
这个假设是否正确,以及如何更好地解决这个问题?
答
def login(request, user):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
if user is None:
user = request.user
# TODO: It would be nice to support different login methods, like signed cookies.
if SESSION_KEY in request.session:
if request.session[SESSION_KEY] != user.pk:
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
request.session[SESSION_KEY] = user.pk
request.session[BACKEND_SESSION_KEY] = user.backend
if hasattr(request, 'user'):
request.user = user
user_logged_in.send(sender=user.__class__, request=request, user=user)
匿名会话被保留(他们没有一个SESSION_KEY
),重新登录为不同的用户刷新会话。
退出也刷新了本届会议:
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
request.session.flush()
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
这些是仅有的两个情况下,当会话被刷新。
你应该在登录后设置current_day
(或检查与自定义的中间件每一个请求它的存在)。
是的,我会按照您的建议进行操作,并在登录后立即设置当天。 – jimscafe 2013-04-05 09:51:02