[英]Django authenticate not keeping user logged in
I am attempting to learn Django's authentication system by contriving a basic login scenario. 我正在尝试通过设计基本的登录方案来学习Django的身份验证系统。 My views are set up such that a view, logIn
, either receives a user's credentials (and prints the success/failure of the login), or it renders a login form. 我的视图设置为使视图logIn
接收用户的凭据(并打印登录成功/失败),或呈现登录表单。
A second view, privatePage
, is designed as a sanity check that the user is actually logged in. The code is as follows: 第二个视图privatePage
,被设计为用户实际登录的健全性检查。代码如下:
views.py
: views.py
: @login_required(login_url='/logIn')
def privatePage(request):
return HttpResponse("You're viewing a private page")
@csrf_exempt
def logIn(request):
if request.method == "POST" and \
request.POST.get('email') and \
request.POST.get('password'):
user = authenticate(username=request.POST['email'],
password=request.POST['password'])
return HttpResponse('Valid login' if user is not None else 'Invalid login')
# render login form
return HttpResponse("<form>...</form>")
I'm finding that after succcessfully logging in via the logIn
view, I am still redirected to the login view upon trying to visit privatePage
. 我发现在成功通过logIn
视图登录后,在尝试访问privatePage
时仍然重定向到登录视图。 FYI, I'm attempting to visit the privatePage
view directly by URL, as opposed to navigating through provided links (eg I'm not sure if I'm violating some CSRF rule). 仅供参考,我试图通过URL直接访问privatePage
视图,而不是通过提供的链接进行导航(例如,我不确定是否违反某些CSRF规则)。
Any idea what's going on? 知道发生了什么吗?
You've not actually logged in. You need to login the user after verifying their identity with authenticate
: 您实际上尚未登录。需要通过authenticate
用户的身份后登录该用户:
from django.contrib.auth import login
user = authenticate(email=email, password=password)
if user is not None:
login(request, user)
login
should only be used on users that have been confirmed to exist. login
仅应用于已确认存在的用户。
What authenticate
does: authenticate
是:
verifies a user is who they claim to be 验证用户是他们声称的身份
It does not perform the actual login . 它不执行实际的登录 。
To keep the user logged in a session
must be provided to user with usage of login()
method. 为了使用户保持登录状态,必须使用login()
方法向用户提供session
。 Login is the process of providing user with a session and authenticate() verifies that the given credentials corresponds to an existing user model object in database
. 登录是为用户提供会话的过程, authenticate() verifies that the given credentials corresponds to an existing user model object in database
。 Import django's built in login and authenticate methods from django.contrib.auth import authenticate, login
. from django.contrib.auth import authenticate, login
导入django的内置登录和身份验证方法from django.contrib.auth import authenticate, login
。 And then your code looks like 然后你的代码看起来像
user =authenticate(email, password)
If user:
login(user, request)
Hope it helps :) 希望能帮助到你 :)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.