堆栈内存溢出
  简体   繁体   English

Django身份验证不保持用户登录

[英]Django authenticate not keeping user logged in

 原文  2016-08-01 05:07:57       python/ django/ authentication/ web/ login

问题描述

I am attempting to learn Django's authentication system by contriving a basic login scenario. 我正在尝试通过设计基本的登录方案来学习Django的身份验证系统。 My views are set up such that a view, logIn , either receives a user's credentials (and prints the success/failure of the login), or it renders a login form. 我的视图设置为使视图logIn接收用户的凭据(并打印登录成功/失败),或呈现登录表单。

A second view, privatePage , is designed as a sanity check that the user is actually logged in. The code is as follows: 第二个视图privatePage ,被设计为用户实际登录的健全性检查。代码如下:

views.py : views.py 

@login_required(login_url='/logIn')
def privatePage(request):
    return HttpResponse("You're viewing a private page")

@csrf_exempt
def logIn(request):
    if request.method == "POST" and \
       request.POST.get('email') and \
       request.POST.get('password'):
        user = authenticate(username=request.POST['email'], 
                            password=request.POST['password'])
        return HttpResponse('Valid login' if user is not None else 'Invalid login')
    # render login form
    return HttpResponse("<form>...</form>")

I'm finding that after succcessfully logging in via the logIn view, I am still redirected to the login view upon trying to visit privatePage . 我发现在成功通过logIn视图登录后,在尝试访问privatePage时仍然重定向到登录视图。 FYI, I'm attempting to visit the privatePage view directly by URL, as opposed to navigating through provided links (eg I'm not sure if I'm violating some CSRF rule). 仅供参考,我试图通过URL直接访问privatePage视图,而不是通过提供的链接进行导航(例如,我不确定是否违反某些CSRF规则)。

Any idea what's going on? 知道发生了什么吗?

2 个解决方案

解决方案1
 5 已采纳  2016-08-01 05:12:18

You've not actually logged in. You need to login the user after verifying their identity with authenticate : 您实际上尚未登录。需要通过authenticate用户的身份后登录该用户: 

from django.contrib.auth import login

user = authenticate(email=email, password=password)
    if user is not None:
        login(request, user)

login should only be used on users that have been confirmed to exist. login仅应用于已确认存在的用户。

What authenticate does: authenticate是:

verifies a user is who they claim to be 验证用户是他们声称的身份

It does not perform the actual login . 它不执行实际的登录

解决方案2
 0  2016-08-01 16:53:46

To keep the user logged in a session must be provided to user with usage of login() method. 为了使用户保持登录状态,必须使用login()方法向用户提供session Login is the process of providing user with a session and authenticate() verifies that the given credentials corresponds to an existing user model object in database . 登录是为用户提供会话的过程, authenticate() verifies that the given credentials corresponds to an existing user model object in database Import django's built in login and authenticate methods from django.contrib.auth import authenticate, login . from django.contrib.auth import authenticate, login导入django的内置登录和身份验证方法from django.contrib.auth import authenticate, login And then your code looks like 然后你的代码看起来像 

user =authenticate(email, password)
    If user:
        login(user, request)

Hope it helps :) 希望能帮助到你 :)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Django 使用登录的 Windows 域用户进行身份验证 - Django authenticate using logged in windows domain user 更改密码后保持用户登录(Django)自定义用户 model - Keeping user logged in after changing password (Django) custom user model Django:验证和登录 function 有效,但用户实际上并未登录 - Django: authenticate & login function works but user isn't actually logged in 无法验证 django 中的用户 - Not able to authenticate user in django 用户身份验证无法正常工作Django - user authenticate is not working Django Django:验证用户 - Django: authenticate the user Django,请记住用户已登录 - Django , remembering that a user is logged in 无法验证 Django 3 中的自定义用户 - Unable to authenticate custom user in Django 3 Django身份验证未注册用户 - Django authenticate does not register a user django authenticate()用于定制用户模型 - django authenticate() for custom user model
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM