Django:管理会话变量来管理浏览器后退按钮
我正在创建一个基于网络的模拟试卷,它需要相当安全。
需求是 每个问题只能尝试并回答一次。 全部都是选择题 一旦回答了问题并按下了提交,则该会话必须过期,并且相同的问题不得通过后退按钮或其他方式出现。
如果浏览器崩溃或系统崩溃,学生必须能够返回到正在尝试但尚未回答和提交的最后一个问题。
在 Django 中实现时采用的最佳策略是什么?一旦按下提交按钮,如何自动终止会话?如何确保按后退按钮后,您无法访问尝试并回答的问题?
我尝试过谷歌搜索,但我无法找到可以更好地指导我的资源。我看过 django 会话文档,但我不确定我是否知道执行此操作的正确方法。任何建议都可以提供帮助
I am creating a web based Mock test paper, which needs to be fairly secure.
The needs are
Each question can be attempted and answered just once.
All are multiple Choice questions
Once a question is answered and the submit pressed, then that session must expire, and the same question must not appear either through back button or some other way.
In case the browser crashes or the system crashes, the student must be able to go back to the last question which was being attempted, and not yet answered and submitted.
What would be the best strategies to adopt while implementing it in Django. How do you automatically kill the session, once the submit button is pressed? And how do you ensure that by pressing the back button, you are not able to access a question attempted and answered?
I tried googling, but I am not able to point to resources that would guide me better. I have seen django sessions documents, but I am not sure whether I know the right way to do this. Any suggestions can help
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
重定向后获取。 http://en.wikipedia.org/wiki/Post/Redirect/Get
确实没有意义。您不需要“终止”会话。你需要做两件事。
更新该用户的数据库条目以表明他们已经走了多远。
更新会话以表明他们已经走了多远。
不要试图“终止”会话。保持会话信息(和底层数据库)正确。
终止会话只会迫使他们再次登录——这很烦人。此外,当他们再次登录时,数据库必须正确,否则他们将再次开始测试。因此,您只需保持数据库和会话同步即可。
Post-Redirect-Get. http://en.wikipedia.org/wiki/Post/Redirect/Get
Doesn't really make sense. You don't need to 'kill' the session. You need to do two things.
Update the database entry for this user to indicate how far they've gotten.
Update the session to indicate how far they've gotten.
Don't try to "kill" the session. Keep the session information (and the underlying database) correct.
Killing the session will only force them to login again -- which is merely annoying. Further, when they login again, the database must be correct or they'll start the test again. So, you only need to keep the database and session synchronized.