Django 请求标头中未设置Cookie


我使用Angular 9和Django构建了一个客户机-服务器应用程序,我面临以下情况:

登录后,我在响应头中收到会话id。即使浏览器设置了这个cookie,并且我能够在Dev Tools>Application>cookie中看到它,这个cookie也不会在后续请求中使用。更确切地说,如果我在登录后发出请求,我的Django服务器会显示没有会话,并且用户没有登录

我在互联网上搜索了这个问题,发现我必须在我的Angular项目的请求头中设置
{withCredentials:true}
。我制作了一个拦截器,在每个请求头中设置
{withCredentials:true}
,但这对我不起作用。我以这种方式将这个拦截器放在AppModule的提供者中:
Providers:[[{provide:HTTP_INTERCEPTORS,useClass:AuthInterceptor,multi:true}]

以下是我的拦截器代码:

/**
 * HTTP interceptor that turns every outgoing HttpClient request into a
 * credentialed one, so the browser attaches cookies (here the Django session
 * cookie) to cross-origin calls.
 *
 * NOTE(review): the flag is applied to all requests, not only those aimed at
 * the API origin. Any third-party URL called through HttpClient is also sent
 * with credentials, and its response is rejected by the browser unless that
 * server explicitly allows credentialed CORS for this origin.
 */
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
  constructor(public auth: AuthService) {}

  /**
   * @param request the outgoing request; it is immutable, so a modified copy is forwarded
   * @param next the next handler in the interceptor chain
   * @returns the event stream produced by the rest of the chain
   */
  intercept(request: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
    const credentialedRequest = request.clone({ withCredentials: true });
    return next.handle(credentialedRequest);
  }
}
在AuthService中,我有:

@Injectable({
  providedIn: 'root'
})
export class AuthService {
  private headers = new HttpHeaders({'Content-Type': 'application/x-www-form-urlencoded'});
  private serverUrl = 'http://localhost:8000/api/auth/';

  /** Receives Angular's HttpClient through dependency injection and keeps it as a private field. */
  constructor(private httpClient: HttpClient) {}

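  /**
   * Posts the credentials as a form-encoded body to `${serverUrl}login/`.
   *
   * The request is explicitly credentialed: on a cross-origin call the browser
   * only stores the session cookie from the response, and only sends it back on
   * later requests, when `withCredentials` is set. Setting it here means login
   * does not depend on an interceptor being registered correctly.
   *
   * NOTE(review): serverUrl in this class is a plain http:// localhost address;
   * a deployed build needs an https:// endpoint so the password and the session
   * cookie are not sent in clear text.
   *
   * @param loginInputData username and password entered in the login form
   * @returns the Observable from HttpClient.post; the request is sent on subscribe
   */
  login(loginInputData: { username: string; password: string }) {
    const body = new HttpParams()
      .set('username', loginInputData.username)
      .set('password', loginInputData.password);
    return this.httpClient.post<any>(`${this.serverUrl}login/`, body.toString(), {
      headers: this.headers,
      withCredentials: true,
    });
  }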
在Django settings.py文件中,我修改了:

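# settings.py excerpt: installed apps, middleware order and the django-cors-headers policy.
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'corsheaders',  # django-cors-headers: provides CorsMiddleware and the CORS_* settings
    'uploadImg.apps.UploadimgConfig',
    'users.apps.UsersConfig',
    'frontEnd.apps.FrontendConfig',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    # CorsMiddleware has to run before any middleware that can produce a response
    # itself (CommonMiddleware in particular); placed last, those responses leave
    # without CORS headers and the browser discards them.
    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Broken-link (404) e-mail reports to MANAGERS; unrelated to the CORS policy.
    'django.middleware.common.BrokenLinkEmailsMiddleware',
]

# Credentialed CORS must name its origins. With CORS_ORIGIN_ALLOW_ALL = True and
# CORS_ALLOW_CREDENTIALS = True every origin is accepted together with the user's
# session cookie, so any website could read authenticated responses.
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOW_CREDENTIALS = True  # the session cookie is allowed on cross-origin requests
# Entries are regular expressions; anchor them so that only this exact origin
# matches and not a longer origin that merely starts with the same text.
CORS_ORIGIN_REGEX_WHITELIST = [
    r'^http://localhost:4200$',  # Angular dev server
]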
# NOTE(review): csrf_exempt switches off Django's CSRF validation for this view,
# so a login POST is accepted without a CSRF token. Together with credentialed
# CORS this leaves the login endpoint open to cross-site requests; confirm the
# exemption is intended before it leaves development.
@csrf_exempt
def log_in(request):
    """Authenticate the posted username/password and open a session.

    Returns an empty 200 response after a successful login, a 400 response
    ("Invalid credentials") when authentication fails, and a 403 response
    ("Not allowed") for any method other than POST.
    """
    if request.method != 'POST':
        return HttpResponseForbidden("Not allowed")

    posted_username = request.POST.get('username')
    posted_password = request.POST.get('password')

    account = authenticate(request, username=posted_username, password=posted_password)
    if account is None:
        return HttpResponseBadRequest("Invalid credentials")

    # login() attaches the authenticated user to the session for this request.
    login(request, account)
    return HttpResponse(status=200)
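# settings.py excerpt: installed apps, middleware order and the django-cors-headers policy.
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'corsheaders',  # django-cors-headers: provides CorsMiddleware and the CORS_* settings
    'uploadImg.apps.UploadimgConfig',
    'users.apps.UsersConfig',
    'frontEnd.apps.FrontendConfig',
]

MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    # CORS headers are added by CorsMiddleware, so it must come before middleware
    # that may answer the request on its own (such as CommonMiddleware).
    'corsheaders.middleware.CorsMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    # Sends broken-link (404) reports by e-mail; it plays no part in CORS handling.
    'django.middleware.common.BrokenLinkEmailsMiddleware',
]

# Allowing all origins while also allowing credentials lets any website issue
# cookie-bearing requests to this API and read the answers; restrict the policy
# to the known front-end origin instead.
CORS_ORIGIN_ALLOW_ALL = False
CORS_ALLOW_CREDENTIALS = True  # permit the session cookie on cross-origin requests
# These entries are regular expressions: without ^ and $ a pattern also matches
# longer origins that begin with the same text.
CORS_ORIGIN_REGEX_WHITELIST = [
    r'^http://localhost:4200$',  # Angular dev server
]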