Look at the document djang with a user login verification method, but some look at the foolish, go to the Internet to find a circle, found that many are copying the document description, hardly say what the principle is.
In particular,
from django.contrib.auth import authenticate
It's said that this is the way, but it seems that the document says that using the model that comes with django can validate user login.
But business requirements are not needed, and it is impossible to use django's user model, which is usually customized
So customize a user model
class User(models.Model): class Meta: db_table = 'user' username = models.CharField(max_length=20,null=True,unique=True) password = models.CharField(max_length=128) create_date = models.DateTimeField(auto_now_add=True)
There are two attributes: usernam and password
At the same time, specify which user login authentication model is in sessting, and use django's default user login authentication table to verify if not specified.
AUTH_USER_MODEL = 'user.User' #app Name.Table name
But it seems that django also brings a session session session to save database tables.
As long as login validation is done, it will also be saved in the django_session table. It seems that it can be turned off in settings, but it will not be automatically cleared until the expiration time (default 30 days), but will be saved in the table all the time.
from django.contrib.auth import authenticate,login def login_auth(request): # If the user logs in and wants to visit again login,Verification cookes Contains is_login The field returns index page if request.COOKIES.get('is_login'): return redirect(reverse('user:index')) if request.POST.method == 'POST': # Write one on the front page loginform Login box username = request.POST.get('username') password= request.POST.get('password') # Find data containing this field in the specified model,If the instance exists, continue user = authenticate(username=username,password=password) if user: # from django.contrib.auth.decorators import login_required # Look at the source code to see the user instance to be queried pk (id) join session Use login_required Determine whether it is a logged-in user # It can also be used request.user.is_authenticated View other attributes of logged-in users login(request,user) # Prevent logged-in users from entering request.COOKIES['is_login'] = True # obtain cookies Previous page before jumping login next = request.COOKIES.get('next') if next: return redirect(reverse(next)) return redirect(reverse('user:index')) return render(request,'user/login.html')
The source code also makes an attribute setting for request.user, which can be authenticated as a login user by request.user.is_authenticated, and can also be used in html template?
Exit logout
from django.contrib.auth import logout def logout(request): logout(request) return redirect(reverse("user:index"))
Authentication of user login view
from django.contrib.auth.decorators import login_required @login_required def xxx(): pass
If you don't want to do this, and you don't want to save session s in the database, replace login
Users can use string dictionaries for less important data
request.COOKES['user']="user_id:%s" user.id
Keep in cookies (username or id primary key) and use a reversible encryption algorithm to encrypt
If the user requests a decryption, if it contains the user field and the user_id in the field
user = request.COOKES.get('user') if user: # Make your decryption and get it recorded user Of values value
...
if 'user_id' in values: # To confirm that it is a landing user, please proceed to the next step. else: ....