Django 1.2 会话丢失
我以前问过类似的问题,但我做了更多研究,这次迭代应该有点不同。似乎有几个 SO 用户在单个视图中注册和登录用户时遇到了问题,而且还没有真正得到解决。
问题是我在单个 Django 视图中注册、验证和登录用户。对于大多数用户来说这很好,但对于其他用户来说,他们的后续请求(他们单击我网站上的链接)会返回匿名用户。不知何故,登录的用户丢失了会话并被重定向到我网站上不需要身份验证的页面。
然后,当他们通过纯登录视图(而不是注册 + 登录视图)登录时,会话数据保持不变。问题似乎确实是在单一视图中注册和登录。
有关同一问题,请参阅此帖子:https://stackoverflow.com/questions/1693726/组合身份验证登录视图出现问题。
有人认为这可能是线程问题。我还看到它表明它与缓存会话数据的后端有关。
对于它真正涉及的内容有什么想法吗?我无法重现该错误,这确实阻碍了我。
编辑 - 我应该注意到我正在使用默认的数据库支持的会话。
这是我的注册/登录视图
def splash_register(request):
if request.session.get('beta'):
if request.method=='POST':
userform=MyUserCreationForm(request.POST)
if userform.is_valid():
#username of <30 char is required by Django User model. I'm storing username as a hash of user email
user=userform.save(commit=False)
user.username=hash(user.email)
user.save()
username=user.username
password=str(userform.cleaned_data['password'])
user=auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request,user)
request.session['first_visit']=True
return HttpResponseRedirect("/")
else:
return HttpResponseRedirect('/splash/register/')
else:
userform=MyUserCreationForm(request.POST)
return render_to_response("website/splash_register.html", {'userform':userform}, context_instance=RequestContext(request))
return render_to_response("website/splash_register.html", context_instance=RequestContext(request))
else:
return HttpResponseRedirect('/splash/')
I've asked a similar question before, but I've done some more research and this iteration should be a bit different. It seems as though several SO users have had an issue with registering and logging in users in a single view and it hasn't really been answered.
The issue is that I register, authenticate, and login a user in a single Django view. For most users that's fine, but for other users, their subsequent request (they click a link on my site) returns an Anonymous User. Somehow, the logged in user loses their session and is redirected to a page on my sit ethat doesn't require authentication.
When they then log in via a pure login view (as opposed to the register + login view), the session data stays in tact. The issue really seems to be registering and logging in a single view.
See this post for the same issue: https://stackoverflow.com/questions/1693726/problem-with-combined-authentication-login-view.
It has been suggested that this is potentially a threading issue. I've also seen it suggested that it relates to the backend for caching session data.
Any thoughts on what it really relates to? I can't reproduce the error, which is really holding me back.
EDIT--I should note that I'm using the default database backed sessions.
Here is my register/login view
def splash_register(request):
if request.session.get('beta'):
if request.method=='POST':
userform=MyUserCreationForm(request.POST)
if userform.is_valid():
#username of <30 char is required by Django User model. I'm storing username as a hash of user email
user=userform.save(commit=False)
user.username=hash(user.email)
user.save()
username=user.username
password=str(userform.cleaned_data['password'])
user=auth.authenticate(username=username, password=password)
if user is not None:
auth.login(request,user)
request.session['first_visit']=True
return HttpResponseRedirect("/")
else:
return HttpResponseRedirect('/splash/register/')
else:
userform=MyUserCreationForm(request.POST)
return render_to_response("website/splash_register.html", {'userform':userform}, context_instance=RequestContext(request))
return render_to_response("website/splash_register.html", context_instance=RequestContext(request))
else:
return HttpResponseRedirect('/splash/')
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您不必使用身份验证,并且在这种情况下,实际上并不需要它。您所需要做的就是设置用户记录的后端。
所以像这样的东西会起作用:
更新
我在评论中提到了这一点,但就“答案”而言,解决方案是将其添加到您的设置文件中:
这将允许用户从 www.yourdomain.com 进入或 yourdomain.com 登录该网站。
You don't have to use authenticate and, in this scenario, it's not really needed. All you need to do is set the backend of the user record.
So something like this would work:
Update
I mentioned this in a comment, but in terms of an "answer" the solution is to add this to your settings file:
This will allow users coming in from www.yourdomain.com or yourdomain.com to log in to the website.
天啊,我既感到无比的宽慰,又充满了自我厌恶。我不知道 Cookie 不能在 www 和非 www 域名之间转移。
我的一组用户访问 www,然后被重定向到非 www,从而终止了他们的会话。我现在正在设置 mod_rewrite 来解决这个问题。
Oh man, I am both incredibly relieved and also full of self-loathing. I had no idea that that the Cookies weren't transferable between www and non-www domain names.
A set of my users were coming to www and then were redirected to non-www, killing their session. I'm setting up mod_rewrite now to resolve the situation.
以防万一这对其他人有帮助,我遇到了这个问题,在当前视图中,request.user.is_authenticated() 是 True,但是在 HttpResponseRedirect 到另一个页面、同一主机之后,request.user 变成了匿名。我正在使用会话,但事实证明这不是会话。我做了我自己的自定义身份验证后端,1.2文档说你必须实现 get_user(self, user_id) 但我不认为 user_id (主键)有什么特别的,所以我将它实现为 get_user(self, username) ..但是显然这就是问题的根源!
Just incase this helps anybody else, I had this problem where in the current view, request.user.is_authenticated() is True, but after a HttpResponseRedirect to another page, same host, request.user became anonymous. I am using sessions, but turns out it wasn't the session. I did my own custom authentication backend, and the 1.2 docs say you must implement get_user(self, user_id) but I didn't think user_id (primary key) was anything special so I implemented it as get_user(self, username) .. but apparently that was the source of the problem!