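After logging out, I can still access the page (the one shown after login) without logging in, by typing its URL

Time: 2019-07-25 09:26:45

Tags: python html django

Problem description: When I log in (I am redirected to the desired page), and after that I log out and then type the URL of the page (the one shown after login), I'm still able to access the page (the one shown after login, without logging in).

I tried deleting the session and the cookies, and even set_expiry(), and I read in the documentation that logout() does this, but in vain.

Here is the code I tried:

In views.py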

def login_view(request):
    context = {}
    if request.method == "POST":
        username = request.POST.get('username')
        password = request.POST.get('password')

        user = authenticate(request, username=username, password=password)
        if user:
            login(request, user)
            return HttpResponseRedirect(reverse('IP form'))
        else:
            messages.error(request,'Please provide valid credentials')
            return render (request,"first_app/login.html", context)
        del request.set_session['username':username]
        del request.session['password':password]
        del request.delete_cookie['username': username]
        del request.delete_cookie['password':password]
    else:
        return render (request,"first_app/login.html", context)

@login_required
def user_logout(request):
    if request.method == "POST":
        logout(request)
        del request.session['username':username]
        del request.session['password':password]
        del request.delete_cookie['username': username]
        del request.delete_cookie['password':password]
        #auth.logout(request)
    return HttpResponseRedirect(reverse('login'))


@login_required
def form_name_view(request):                     #view after login
    if not request.user.is_authenticated:
        response = HttpResponseRedirect('')
        response.delete_cookie('username')
        response.delete_cookie('password')
        del response.session['username']
        del response.session['password']
        return response
#        del request.session['username']
#        del request.session['password']

#        return HttpResponseRedirect(reverse('login'))
    if request.method == "POST":
        form = CmdForm(request.POST)

settings.py

SESSION_EXPIRE_SECONDS = 2
SESSION_EXPIRE_AFTER_LAST_ACTIVITY = True

Thanks to those who are willing to help! :-)

2 answers:

Answer 0: (score: 0)

You log in with login(); to log the user out you should use logout(). There is no need to manipulate the session.

Answer 1: (score: 0)

I figured out the answer to my question.

Here are the changes I made to the code

views.py

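from django.contrib import auth, messages
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseRedirect
from django.shortcuts import render
from django.urls import reverse

def login_view(request):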
    context = {}
    if request.method == "POST":
        username = request.POST.get('username')
        password = request.POST.get('password')

        user = authenticate(request, username=username, password=password)
        if user:
            login(request, user)
            return HttpResponseRedirect(reverse('IP form'))
        else:
            messages.error(request,'Please provide valid credentials')
            return render (request,"first_app/login.html", context)

    else:
        return render (request,"first_app/login.html", context)

@login_required
def user_logout(request):
    if request.method == "POST":
        auth.logout(request)
    return HttpResponseRedirect(reverse('login'))


@login_required
def form_name_view(request):
    if not request.user.is_authenticated:
        logout(request)
        response = HttpResponseRedirect('')
        return response
    if request.method == "POST":
        form = CmdForm(request.POST)


# Here I just reverted everything (back to where I started)

Changes made:

A) Ran pip install django-session-timeout in cmd (it reported the requirement as already satisfied)

B) In settings.py

Added

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django_session_timeout.middleware.SessionTimeoutMiddleware',  # <-- added
    # ... remaining middleware entries unchanged
]

SESSION_EXPIRE_SECONDS = 20
SESSION_EXPIRE_AFTER_LAST_ACTIVITY = True

SESSION_EXPIRE_AT_BROWSER_CLOSE = True      #<--- added 
SESSION_COOKIE_AGE = 25                     #<-- added

And bingo!! Everything works fine :-)