我正在Django上创建一个Web应用程序。当登录用户点击“退出”时,会正确显示退出页面。但是,当单击浏览器中的后退按钮时,用户可以再次重新进入会话。为了解决这个问题,我关注了这篇文章:Disable browser 'Back' button after logout?,并使用了cache_control。但是,用户仍然可以重新进入“关闭”状态。单击后退按钮进行会话。这是相关代码:
views.py:
from django.views.decorators.cache import cache_control
@cache_control(no_cache=True, must_revalidate=True, no_store=True)
def logout_view(request):
#c={}
#c.update(csrf(request))
logout(request)
#request.session.flush()
#request.user = AnonymousUser
#Redirect to logout page
return render_to_response('gamestore/logout.html')
@cache_control(no_cache=True, must_revalidate=True, no_store=True)
def login_view(request):
#do something
settings.py:
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
import os
BASE_DIR = os.path.dirname(os.path.dirname(__file__))
SETTINGS_PATH = os.path.realpath(os.path.dirname(__file__))
DATABASE_PATH = os.path.join(BASE_DIR, 'db.sqlite3')
TEMPLATE_DIRS = (
# Put strings here, like "/home/html/django_templates" or "C:/www/django/templates".
# Always use forward slashes, even on Windows.
# Don't forget to use absolute paths, not relative paths.
#"/home/mukhera3/Desktop/wsdProject/gamestore/templates", #TODO use absolute path here
)
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = '[the-secret-key-needs-to-stay-secret]'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
TEMPLATE_DEBUG = True
ALLOWED_HOSTS = []
# Application definition
INSTALLED_APPS = (
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'gamestore',
)
MIDDLEWARE_CLASSES = (
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
ROOT_URLCONF = 'wsdProject.urls'
WSGI_APPLICATION = 'wsdProject.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.sqlite3',
'NAME': DATABASE_PATH,
}
}
# Internationalization
# https://docs.djangoproject.com/en/1.7/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Static files (CSS, JavaScript, Images)
# https://docs.djangoproject.com/en/1.7/howto/static-files/
STATIC_URL = '/static/'
我是Django和Python编码的新手,因此可能会出现一些基本错误。请帮忙
答案 0 :(得分:1)
是的,即使在使用“@cache_control”
后也无效我找到了来自doc的django 1.7或更高版本的解决方案。
请看下面的代码
from django.contrib.auth.decorators import login_required
@login_required(login_url='/login/')
def myview(request):
return HttpResponse(render(request,'path_to_your_view.html'))
@login_required装饰器用于处理问题。您可以在doc中查看更多信息。
答案 1 :(得分:0)
我尝试了这种解决方案,并且对我有用。我把@cache_control(no_cache = True,must_revalidate = True,no_store = True)和@login_required都放在下面的代码中。
谨防进口现金管制。
如果我不选择其中之一,它将不起作用。他们一起工作。请看下面的代码
from django.contrib.auth.decorators import login_required
from django.views.decorators.cache import cache_control
@cache_control(no_cache=True, must_revalidate=True, no_store=True)
@login_required(login_url='login')
def myview(request):
return HttpResponse(render(request,'path_to_your_view.html'))
我正在使用django 2.1,并删除了'/ login /'中的正斜杠,而是使用了'login'