问题
I am trying to create a website which is authenticated by a custom login. But I have a custom Model for users. How do I authenticate my Website from anonymous Users. Is it possible to create login systems using based on sessions. Actually this is my first django project. Please Guide me. Thank you.
回答1:
While login, after checking username and password create a session in which set their user object or it's object id in it. In this case i kept user id.
def login(request):
if request.method == "GET":
if (Users.objects.filter(username = request.GET.get("uname"), password = request.GET.get("upswd"))).exists():
user = Users.objects.get(username = request.GET.get("uname"), password = request.GET.get("upswd"))
request.session["user"] = user.id
# request.session.set_expiry(10)
# it shows home page
return render(request,"home.html")
#it shows again login page
return render(request,"Login.html")
only in login page you will set session, In remaining you will check whether page contains that session or not.For example, in after login in home page you should check whether request contains user session or not.
if request.session.has_key("user"):
userid = request.session["user"]
#displaying all items in database
context={"items":Products.objects.all()}
return render(request,"home.html",context)
回答2:
It is better to use a POST form instead of a GET request as against the answer above. Also, instead of querying for username and password against your database, use authenticate() function.
from django.contrib.auth import authenticate, login
if request.POST:
if login_form.is_valid():
username = request.POST.get('username')
password = request.POST.get('password')
user = authenticate(username=username, password=password)
if user:
login(request, user)
# do something or redirect
You don't need to set the user id in the session object, to retrieve the currently logged in user, use request.user
来源:https://stackoverflow.com/questions/51668969/how-do-i-create-a-login-system-in-django-using-sessions