Cookies:
Setting a cookie, in a view function in views.py:
from django.shortcuts import redirect

# Only key and value are required; every other parameter is optional.
def set_cookie(request):
    res = redirect(request.GET.get('next', 'students'))
    res.set_cookie('cookie_key', 'cookie_value', max_age=60, domain='127.0.0.1', path='/students/grades')
    return res
# Configure only one of max_age and expires: max_age is a number of seconds, expires is a concrete date.
# To use expires you need to import it: from datetime import datetime
# If neither max_age nor expires is set, the cookie stays valid until the browser is closed, at which point it expires.
Getting a cookie, in a view function in views.py:
from django.shortcuts import render

def get_cookie(request):
    cookie_value = request.COOKIES.get('cookie_key', 'nothing retrieved')
    context = {}
    context['get_cookie'] = cookie_value
    return render(request, 'students/grades.html', context)
------------------------------------------------------
Setting a cookie with set_signed_cookie()
set_signed_cookie() only signs the cookie; it does not encrypt it. The client can still read the value; it just cannot modify it without the signature check failing.
from django.shortcuts import redirect, render

def set_cookie(request):
    res = redirect(request.GET.get('next', 'students'))
    res.set_signed_cookie('cookie_key', 'cookie_value', domain='127.0.0.1', path='/students/grades', salt='linqunbin')
    return res

def get_cookie(request):
    cookie_value = request.get_signed_cookie('cookie_key', 'nothing retrieved', salt='linqunbin')
    context = {}
    context['get_cookie'] = cookie_value
    return render(request, 'students/grades.html', context)
salt: The optional salt argument can be used to provide extra protection against brute force attacks on your secret key.
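As an added example (not code from the original post and not Django's own implementation), the stand-alone Python stand-in below shows what "signed, not encrypted" means in practice: the value travels in clear text, but a changed value, a wrong salt or a wrong secret fails verification and falls back to the default, exactly as get_signed_cookie() does. The signing format, the SECRET_KEY constant and the function names are assumptions for illustration and are not byte-compatible with django.core.signing.

```python
import base64
import hashlib
import hmac

# Stand-in for settings.SECRET_KEY (constructed for this demo).
SECRET_KEY = "constructed-secret-key-for-demo"


class BadSignature(Exception):
    """Raised when a signed cookie fails verification."""


def _mac(value: str, salt: str, secret: str) -> str:
    # Derive a per-salt key, which is the role salt= plays in set_signed_cookie/get_signed_cookie.
    key = hashlib.sha256((salt + "signer" + secret).encode()).digest()
    digest = hmac.new(key, value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign_cookie(value: str, salt: str = "", secret: str = SECRET_KEY) -> str:
    """Return 'value:signature'. The value itself stays in clear text."""
    return f"{value}:{_mac(value, salt, secret)}"


def unsign_cookie(signed: str, salt: str = "", secret: str = SECRET_KEY) -> str:
    """Return the original value, or raise BadSignature on tampering or a wrong salt/secret."""
    value, sep, sig = signed.rpartition(":")
    if not sep:
        raise BadSignature("no signature present")
    if not hmac.compare_digest(sig, _mac(value, salt, secret)):  # constant-time compare
        raise BadSignature("signature does not match")
    return value


def get_cookie_or_default(signed: str, default: str, salt: str = "") -> str:
    """Mirror request.get_signed_cookie(key, default, salt=...): return default on failure."""
    try:
        return unsign_cookie(signed, salt=salt)
    except BadSignature:
        return default


if __name__ == "__main__":
    cookie = sign_cookie("cookie_value", salt="linqunbin")
    print(cookie)  # the client can read "cookie_value" in clear text
    print(unsign_cookie(cookie, salt="linqunbin"))  # cookie_value
    tampered = cookie.replace("cookie_value", "admin")
    print(get_cookie_or_default(tampered, "nothing retrieved", salt="linqunbin"))  # nothing retrieved
```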
---------------------------------------------------
Deleting a cookie:
from django.shortcuts import redirect

def logout(request):
    rep = redirect("/login/")
    # On logout, delete the cookie that was previously set in the browser
    rep.delete_cookie("login")
    return rep
---------------------------------------------------
set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False, samesite=None)
Parameters:
key: the cookie name
value='': the cookie value
max_age=None: lifetime, in seconds
expires=None: expiry time (IE requires expires, so set it if it hasn't been already.)
path='/': the path the cookie applies to; '/' is the root path. Note: a root-path cookie can be read by pages at any URL on the site.
domain=None: the domain the cookie applies to
secure=False: only transmitted over HTTPS
httponly=False: transmitted only as part of the HTTP protocol and not readable by JavaScript (not absolutely: it can still be captured at the packet level and can be overwritten). Because cookies are stored on the client's machine, JavaScript and jQuery can also manipulate cookies.
HttpResponse.set_cookie(key, value='', max_age=None, expires=None, path='/', domain=None, secure=None, httponly=False, samesite=None)
Sets a cookie. The parameters are the same as in the Morsel cookie object in the Python standard library.
max_age should be a number of seconds, or None (default) if the cookie should last only as long as the client’s browser session. If expires is not specified, it will be calculated.
expires should either be a string in the format "Wdy, DD-Mon-YY HH:MM:SS GMT" or a datetime.datetime object in UTC. If expires is a datetime object, the max_age will be calculated.
Use domain if you want to set a cross-domain cookie. For example, domain="example.com" will set a cookie that is readable by the domains www.example.com, blog.example.com, etc. Otherwise, a cookie will only be readable by the domain that set it.
Use httponly=True if you want to prevent client-side JavaScript from having access to the cookie.
HttpOnly is a flag included in a Set-Cookie HTTP response header. It’s part of the RFC 6265 standard for cookies and can be a useful way to mitigate the risk of a client-side script accessing the protected cookie data.
Use samesite='Strict' or samesite='Lax' to tell the browser not to send this cookie when performing a cross-origin request. SameSite isn’t supported by all browsers, so it’s not a replacement for Django’s CSRF protection, but rather a defense in depth measure.
----------------------------