Django 以前的';会话超时';错误消息未被清除
我使用的是Django 1.5.5,我使用的是Django提供的内置身份验证系统 我在my settings.py中定义了Django 以前的';会话超时';错误消息未被清除,django,django-1.5,django-sessions,django-login,Django,Django 1.5,Django Sessions,Django Login,我使用的是Django 1.5.5,我使用的是Django提供的内置身份验证系统 我在my settings.py中定义了SESSION\u TIMEOUT=600,因此在空闲10分钟后,用户将被重定向到登录页面,并带有“SESSION TIMEOUT”警告,如request.COOKIES.logout\u reason显示在页面上。 问题是,用户重新登录后,再次手动注销系统。“会话超时”警告消息仍然显示,我认为成功登录后应清除请求.COOKIES.logout\u原因变量 可能存在什么问题?
SESSION\u TIMEOUT=600
,因此在空闲10分钟后,用户将被重定向到登录页面,并带有“SESSION TIMEOUT”警告,如request.COOKIES.logout\u reason
显示在页面上。
问题是,用户重新登录后,再次手动注销系统。“会话超时”警告消息仍然显示,我认为成功登录后应清除请求.COOKIES.logout\u原因变量
可能存在什么问题?我可能需要查看的代码在哪里?我对Django缺乏经验,还没有找到相关的讨论。谢谢
更新:我在django.contrib.auth.views.py中使用的登录和注销功能
from django.contrib.auth import REDIRECT_FIELD_NAME, login as auth_login, logout as auth_logout, get_user_model
from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import AuthenticationForm, PasswordResetForm, SetPasswordForm, PasswordChangeForm
from django.contrib.auth.tokens import default_token_generator
from django.contrib.sites.models import get_current_site
@sensitive_post_parameters()
@csrf_protect
@never_cache
def login(request, template_name='registration/login.html',
redirect_field_name=REDIRECT_FIELD_NAME,
authentication_form=AuthenticationForm,
current_app=None, extra_context=None):
"""
Displays the login form and handles the login action.
"""
redirect_to = request.REQUEST.get(redirect_field_name, '')
if request.method == "POST":
form = authentication_form(data=request.POST)
if form.is_valid():
# Ensure the user-originating redirection url is safe.
if not is_safe_url(url=redirect_to, host=request.get_host()):
redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
# Okay, security check complete. Log the user in.
auth_login(request, form.get_user())
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
return HttpResponseRedirect(redirect_to)
else:
form = authentication_form(request)
request.session.set_test_cookie()
current_site = get_current_site(request)
context = {
'form': form,
redirect_field_name: redirect_to,
'site': current_site,
'site_name': current_site.name,
}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context,
current_app=current_app)
def logout(request, next_page=None,
template_name='registration/logged_out.html',
redirect_field_name=REDIRECT_FIELD_NAME,
current_app=None, extra_context=None):
"""
Logs out the user and displays 'You are logged out' message.
"""
auth_logout(request)
if redirect_field_name in request.REQUEST:
next_page = request.REQUEST[redirect_field_name]
# Security check -- don't allow redirection to a different host.
if not is_safe_url(url=next_page, host=request.get_host()):
next_page = request.path
if next_page:
# Redirect to this page until the session has been cleared.
return HttpResponseRedirect(next_page)
current_site = get_current_site(request)
context = {
'site': current_site,
'site_name': current_site.name,
'title': _('Logged out')
}
if extra_context is not None:
context.update(extra_context)
return TemplateResponse(request, template_name, context,
current_app=current_app)
而auth\u login()
和auth\u logout()
将调用django.contrib.auth.\uuuu init\uuuu.py
中的以下函数:
def login(request, user):
"""
Persist a user id and a backend in the request. This way a user doesn't
have to reauthenticate on every request. Note that data set during
the anonymous session is retained when the user logs in.
"""
if user is None:
user = request.user
# TODO: It would be nice to support different login methods, like signed cookies.
if SESSION_KEY in request.session:
if request.session[SESSION_KEY] != user.pk:
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
request.session[SESSION_KEY] = user.pk
request.session[BACKEND_SESSION_KEY] = user.backend
if hasattr(request, 'user'):
request.user = user
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)
def logout(request):
"""
Removes the authenticated user's ID from the request and flushes their
session data.
"""
# Dispatch the signal before the user is logged out so the receivers have a
# chance to find out *who* logged out.
user = getattr(request, 'user', None)
if hasattr(user, 'is_authenticated') and not user.is_authenticated():
user = None
user_logged_out.send(sender=user.__class__, request=request, user=user)
request.session.flush()
if hasattr(request, 'user'):
from django.contrib.auth.models import AnonymousUser
request.user = AnonymousUser()
您使用的注销/登录视图是什么?hi@BurhanKhalid我的登录/注销函数主要使用login()
和logout()
函数django.contrib.auth.views.py
。我还可以向您提供其他信息吗?请使用您用于登录和注销的实际视图更新问题。什么是auth_login
和auth_logout
?@dan klasson I包含了它们,但它仍然是django.contrib.auth中的内置代码