Django Notes (2): Sessions
A session keeps a single user's state on the server side, usually from the moment the user logs in. The session ID is handed to the client in a cookie and is what identifies the logged-in user on later requests.
Reference: https://docs.djangoproject.com/en/dev/topics/http/sessions/
Session engine
By default Django stores session state in the database. SESSION_ENGINE selects another backend: cache, cached database, file, or signed cookie. Set SESSION_COOKIE_HTTPONLY to True (it has been the default since Django 1.4) so that script running in the page cannot read document.cookie and carry the session ID off to an attacker, who would otherwise replay it and act as that user. HttpOnly stops theft of the ID, not its use: injected script can still send requests from the victim's browser. On HTTPS sites also set SESSION_COOKIE_SECURE so the cookie is never sent in the clear.
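The settings discussed above, as an added example that is not from the original post: a settings.py fragment showing each session setting with Django's default or the weak value beside the hardened one. The setting names and module paths are Django's own; the numeric lifetime is an illustrative choice.

```python
# settings.py fragment (added example, not from the original post).
# Commented-out values are Django's defaults or the weak alternative;
# the active values are what a deployment behind HTTPS should run with.

# Where session state lives. Only the cookie backend keeps data on the
# client: it is signed with SECRET_KEY, so it cannot be forged without the
# key, but it is not encrypted, so the user can read everything stored in it.
SESSION_ENGINE = "django.contrib.sessions.backends.db"            # default
# SESSION_ENGINE = "django.contrib.sessions.backends.cache"       # lost on eviction
# SESSION_ENGINE = "django.contrib.sessions.backends.cached_db"   # cache in front of db
# SESSION_ENGINE = "django.contrib.sessions.backends.file"
# SESSION_ENGINE = "django.contrib.sessions.backends.signed_cookies"

# Weak: page script can read document.cookie and exfiltrate the session ID.
# SESSION_COOKIE_HTTPONLY = False
SESSION_COOKIE_HTTPONLY = True          # default since Django 1.4; keep it

# Weak: the cookie is also sent over plain HTTP, where it can be sniffed.
# SESSION_COOKIE_SECURE = False         # Django's default
SESSION_COOKIE_SECURE = True

# Do not attach the session cookie to cross-site requests (defence in depth
# against CSRF). "Lax" is the default since Django 2.1; "Strict" is tighter.
SESSION_COOKIE_SAMESITE = "Lax"

# Bound the window in which a stolen cookie is useful.
# SESSION_COOKIE_AGE = 1209600          # Django's default: two weeks
SESSION_COOKIE_AGE = 60 * 60 * 2        # two hours (illustrative value)
SESSION_EXPIRE_AT_BROWSER_CLOSE = True

# Keep the JSON serializer (default since Django 1.6). With the signed-cookie
# backend the old pickle serializer turned a leaked SECRET_KEY into remote
# code execution, because the server unpickled whatever the cookie carried.
SESSION_SERIALIZER = "django.contrib.sessions.serializers.JSONSerializer"
```

With the db backend a stolen or leaked session ID can be cut off server-side by deleting the Session row; with signed_cookies there is nothing to delete, and only rotating SECRET_KEY or waiting for expiry invalidates it.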
Working with the session object in a view
The session object is defined by the SessionBase class in django.contrib.sessions.backends.base and behaves like a dictionary on request.session. Basic usage, logging a member in:
from django.http import HttpResponse
from myapp.models import Member   # the application's own model; module path assumed


def login(request):
    try:
        m = Member.objects.get(username=request.POST['username'])
    except Member.DoesNotExist:
        # An unknown username must not raise (and leak a 500 page);
        # answer exactly as for a wrong password.
        return HttpResponse("Your username and password didn't match.")
    # Plaintext comparison as in the original example. Real code should store
    # hashed passwords and use django.contrib.auth's authenticate()/login(),
    # which also rotates the session key on login.
    if m.password == request.POST['password']:
        request.session['member_id'] = m.id
        return HttpResponse("You're logged in.")
    else:
        return HttpResponse("Your username and password didn't match.")
Next, a view that posts a comment and uses the session to check whether this visitor has already commented (the flag is per session, not per member):
from django.http import HttpResponse
from myapp import comments   # the comments module of the original example; path assumed


def post_comment(request, new_comment):
    if request.session.get('has_commented', False):
        return HttpResponse("You've already commented.")
    c = comments.Comment(comment=new_comment)
    c.save()
    request.session['has_commented'] = True   # marks the session as modified and saves it
    return HttpResponse('Thanks for your comment!')
Finally, logging out removes the login marker from the session. Note that deleting one key leaves the session record and the cookie alive; request.session.flush() deletes the whole session and its cookie, which is what a real logout should do:
from django.http import HttpResponse


def logout(request):
    try:
        del request.session['member_id']   # removes the key; the session itself survives
    except KeyError:
        pass
    # To invalidate the session ID as well, call request.session.flush() instead.
    return HttpResponse("You're logged out.")
Testing whether the client accepts cookies
from django.http import HttpResponse
from django.shortcuts import render   # render_to_response was removed in Django 3.0


def login(request):
    if request.method == 'POST':
        # The test cookie was set when the form was served; if it came back,
        # the browser accepts cookies and a session cookie will work too.
        if request.session.test_cookie_worked():
            request.session.delete_test_cookie()
            return HttpResponse("You're logged in.")
        else:
            return HttpResponse("Please enable cookies and try again.")
    request.session.set_test_cookie()
    return render(request, 'foo/login_form.html')
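The login view above writes member_id into whatever session the incoming cookie already names, and the logout only deletes that one key. The following standard-library model, added here and not part of the original post or of Django, reproduces the server-side session semantics (opaque key in the cookie, state on the server, unknown keys resolve to a fresh session) to show why django.contrib.auth.login() rotates the key with request.session.cycle_key() and why logout should call request.session.flush(). SessionStore, login_as_on_page, login_rotating, logout_as_on_page, logout_flushing, fixation_demo and logout_demo are all constructed names; the attacker is simply assumed to be able to plant a cookie value in the victim's browser.

```python
import secrets


class SessionStore:
    """Constructed model of a server-side session store (not Django's
    SessionStore): the cookie carries only an opaque key, all data lives
    here, and unknown keys resolve to a fresh empty session, as in Django."""

    def __init__(self):
        self._sessions = {}  # session_key -> dict of session data

    @staticmethod
    def _new_key():
        return secrets.token_urlsafe(32)  # 256 random bits, URL-safe

    def resolve(self, cookie_key):
        """Map the incoming cookie value to (key, data), creating a session
        when the cookie is absent or names a key we do not know."""
        if cookie_key not in self._sessions:
            cookie_key = self._new_key()
            self._sessions[cookie_key] = {}
        return cookie_key, self._sessions[cookie_key]

    def cycle_key(self, old_key):
        """Keep the data but move it under a new key and retire the old one;
        this is what request.session.cycle_key() does in Django."""
        data = self._sessions.pop(old_key)
        new_key = self._new_key()
        self._sessions[new_key] = data
        return new_key, data

    def flush(self, key):
        """Delete the whole session record (request.session.flush())."""
        self._sessions.pop(key, None)

    def exists(self, key):
        return key in self._sessions

    def member_id(self, cookie_key):
        """Which member does this cookie authenticate as? None for nobody."""
        return self._sessions.get(cookie_key, {}).get("member_id")


def login_as_on_page(store, cookie_key, member_id):
    """Mirrors the login view above: store member_id in the session the
    cookie already names and keep that key."""
    key, data = store.resolve(cookie_key)
    data["member_id"] = member_id
    return key


def login_rotating(store, cookie_key, member_id):
    """Hardened: rotate the key before storing the privilege, so a key the
    attacker knew before login is worthless afterwards."""
    key, _ = store.resolve(cookie_key)
    key, data = store.cycle_key(key)
    data["member_id"] = member_id
    return key


def logout_as_on_page(store, cookie_key):
    """Mirrors the logout view above: remove only the member_id key."""
    key, data = store.resolve(cookie_key)
    data.pop("member_id", None)
    return key


def logout_flushing(store, cookie_key):
    """Hardened: discard the whole record; the cookie value is now dead."""
    store.flush(cookie_key)


def fixation_demo(login):
    """Session fixation. The attacker first obtains a valid key, plants it in
    the victim's browser (how is out of scope here), and waits for the victim
    to log in. Returns (member_id the attacker's copy of the key now resolves
    to, whether the victim's key changed at login)."""
    store = SessionStore()
    planted, _ = store.resolve(None)           # attacker's own fresh session
    victim_key = login(store, planted, 42)     # victim logs in as member 42
    return store.member_id(planted), victim_key != planted


def logout_demo(logout):
    """Does the old cookie value still name a live session after logout?"""
    store = SessionStore()
    key = login_rotating(store, None, 42)
    store.resolve(key)[1]["has_commented"] = True   # unrelated state, as in post_comment
    logout(store, key)
    return store.exists(key)


if __name__ == "__main__":
    print("page login, attacker's key resolves to:", fixation_demo(login_as_on_page))  # (42, False)
    print("rotating login, attacker's key resolves to:", fixation_demo(login_rotating))  # (None, True)
    print("page logout, session still alive:", logout_demo(logout_as_on_page))   # True
    print("flushing logout, session still alive:", logout_demo(logout_flushing))  # False
```

In Django the two fixes are one call each: request.session.cycle_key() right after the credentials check (django.contrib.auth.login() does this for you), and request.session.flush() in logout. Rotating the key also means the session row written before login is abandoned, so the clearsessions management command should run periodically with the db backend.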