为什么我的网站在本地测试时可以正常工作,但是使用域名时无法存储sessionID?
请帮助我!!!
我的项目后端是Django,而Frontend则使用React。
与Local主机进行的本地测试效果很好。
当我在服务器上上网并调整Apache域名时,无法自动存储sessionID。 我尝试了许多方法,但它们不可用。
但是我发现,如果我不使用Apache代理,则可以直接使用IP,并且也可以存储sessionID。 这样做的原因是什么? 我在下面放置的代码。
通过查看Chrome开发人员工具中的应用程序页面, cookie用于确定是否成功设置了sessionID。 在此过程中,域名请求尚未存储,并且IP请求非常正常。
doamin name request doamin name resund结果
django设置
INSTALLED_APPS = [
'whitenoise.runserver_nostatic',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'django_crontab',
'command_app',
'djcelery',
'corsheaders'
]
MIDDLEWARE = [
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
# 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'whitenoise.middleware.WhiteNoiseMiddleware'
]
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
# CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOWED_ORIGINS = [
'http://react server ip:3000',
'https://react server ip:3000',
'http://localhost:3000',
'http://server ip:3000',
'https://server ip:3000',
'http://www.my domain name.com',
'https://www.my domain name.com',
'http://my domain name.com:3000',
'https://my domain name.com:3000',
'http://my domain name.com',
'https://my domain name.com',
]
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": ("CustomAuthentication", )
}
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
'VIEW',
)
CORS_ALLOW_HEADERS = (
'XMLHttpRequest',
'X_FILENAME',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'Pragma',
)
CACHES = {
'default': {
'BACKEND': "django_redis.cache.RedisCache",
"LOCATION": "redis://localhost:6379/3", # TODO 3
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
"CONNECTION_POOL_KWARGS": {"max_connections": 100}
}
}
}
SESSION_ENGINE = "django.contrib.sessions.backends.cache"
SESSION_CACHE_ALIAS = "default"
django django django vive
class LoginAPI(generics.GenericAPIView):
authentication_classes = (SessionAuthentication, )
serializer_class = LoginSerializer
def post(self, request):
print(request.session.session_key)
print(f"LoginAPI IsLogin: {request.user.is_authenticated}")
if request.user.is_authenticated:
return HttpResponse(dumps({'message': 'Login!'}), content_type='application/json', status=status.HTTP_200_OK)
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except ValidationError:
return HttpResponse(status=status.HTTP_401_UNAUTHORIZED)
user = serializer.validated_data
login(request, user)
return HttpResponse(dumps({'message': 'Logout Success!'}),
content_type='application/json', status=status.HTTP_200_OK)
def get(self, request):
print(request.session.session_key)
if request.user.is_authenticated:
return HttpResponse(dumps({'message': 'Login!'}), content_type='application/json', status=status.HTTP_200_OK)
else:
return HttpResponse(dumps({'message': 'Not Login!'}), content_type='application/json', status=status.HTTP_401_UNAUTHORIZED)
def my_logout(request):
print(request.session.session_key)
print(f"my_logout Is Login: {request.user.is_authenticated}")
logout(request)
return HttpResponse(dumps({'message': 'Logout Success!'}), content_type='application/json', status=status.HTTP_200_OK)
urls.py
urls.py
urlpatterns = [
path('login/', LoginAPI.as_view()), # new web
path('logout/', my_logout), # new web
]
react react code
export default class App extends Component {
testRequest = () => {
axios({
method: 'GET',
url: 'http://server:8049/login/',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
withCredentials: true
}).then(res => {
alert(res.data)
})
}
handleSubmit = (event) => {
event.preventDefault()
this.testRequest()
axios.defaults.withCredentials = true;
const csrftoken = GetCookie('csrftoken')
console.log(csrftoken)
const data = new FormData(event.currentTarget);
axios({
method: 'POST',
url: 'http://server:8049/login/',
dataType: 'json',
data: {
'username': data.get('username'),
'password': data.get('password'),
},
headers: {
"X-CSRFtoken": csrftoken,
'Accept': 'application/json',
'Content-Type': 'application/json',
},
timeout: 100000000000,
withCredentials: true
}).then(res => {
console.log(res)
}).catch(res => {
console.log(res)
})
}
render() {
return (
<div><Box component="form" onSubmit={this.handleSubmit} noValidate sx={{mt: 1}}>
<TextField
margin="normal"
required
fullWidth
id="username"
label="UserName"
name="username"
autoComplete="username"
autoFocus
/>
<TextField
margin="normal"
required
fullWidth
name="password"
label="Password"
type="password"
id="password"
autoComplete="current-password"
/>
<FormControlLabel
control={<Checkbox value="remember" color="primary"/>}
label="Remember me"
/>
<Button
type="submit"
fullWidth
variant="contained"
sx={{mt: 3, mb: 2}}
>
Sign In
</Button>
<Grid container>
<Grid item xs>
<Link href="http://http://my domain name:8049/logout/"variant="body2">
logout
</Link>
</Grid>
<Grid item>
<Link href="#" variant="body2">
{"Don't have an account? Sign Up"}
</Link>
</Grid>
</Grid>
</Box>
</Box>
</div>)
}
}
apache代码
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /home/ec2-user/project_path
ServerName www.my domain name.com
ServerAlias my domain name.com
ProxyPass / http://localhost:8048/
ProxyPassReverse / http://localhost:8048/
</VirtualHost>
please help me!!!
My project backend is django and frontend uses react.
Local testing with localhost works fine.
When I go online on the server and adjust the apache domain name, the sessionid cannot be automatically stored.
I have tried many methods, but they are not available.
But I found that if I don't use the apache proxy, it works fine if I use the ip directly, and the sessionid can also be stored.
What is the reason for this?
The code I put below.
By looking at the application page in chrome's developer tools,
The cookies are used to determine whether the sessionid is successfully set.
In this process, the domain name request has not been stored, and the ip request is very normal.
doamin name request
doamin name result
Django Settings
INSTALLED_APPS = [
'whitenoise.runserver_nostatic',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'django_crontab',
'command_app',
'djcelery',
'corsheaders'
]
MIDDLEWARE = [
'django.contrib.sessions.middleware.SessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
# 'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'whitenoise.middleware.WhiteNoiseMiddleware'
]
CORS_ALLOW_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
# CORS_ALLOW_ALL_ORIGINS = True
CORS_ALLOWED_ORIGINS = [
'http://react server ip:3000',
'https://react server ip:3000',
'http://localhost:3000',
'http://server ip:3000',
'https://server ip:3000',
'http://www.my domain name.com',
'https://www.my domain name.com',
'http://my domain name.com:3000',
'https://my domain name.com:3000',
'http://my domain name.com',
'https://my domain name.com',
]
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": ("CustomAuthentication", )
}
CORS_ALLOW_METHODS = (
'DELETE',
'GET',
'OPTIONS',
'PATCH',
'POST',
'PUT',
'VIEW',
)
CORS_ALLOW_HEADERS = (
'XMLHttpRequest',
'X_FILENAME',
'accept-encoding',
'authorization',
'content-type',
'dnt',
'origin',
'user-agent',
'x-csrftoken',
'x-requested-with',
'Pragma',
)
CACHES = {
'default': {
'BACKEND': "django_redis.cache.RedisCache",
"LOCATION": "redis://localhost:6379/3", # TODO 3
"OPTIONS": {
"CLIENT_CLASS": "django_redis.client.DefaultClient",
"CONNECTION_POOL_KWARGS": {"max_connections": 100}
}
}
}
SESSION_ENGINE = "django.contrib.sessions.backends.cache"
SESSION_CACHE_ALIAS = "default"
Django View
class LoginAPI(generics.GenericAPIView):
authentication_classes = (SessionAuthentication, )
serializer_class = LoginSerializer
def post(self, request):
print(request.session.session_key)
print(f"LoginAPI IsLogin: {request.user.is_authenticated}")
if request.user.is_authenticated:
return HttpResponse(dumps({'message': 'Login!'}), content_type='application/json', status=status.HTTP_200_OK)
serializer = self.get_serializer(data=request.data)
try:
serializer.is_valid(raise_exception=True)
except ValidationError:
return HttpResponse(status=status.HTTP_401_UNAUTHORIZED)
user = serializer.validated_data
login(request, user)
return HttpResponse(dumps({'message': 'Logout Success!'}),
content_type='application/json', status=status.HTTP_200_OK)
def get(self, request):
print(request.session.session_key)
if request.user.is_authenticated:
return HttpResponse(dumps({'message': 'Login!'}), content_type='application/json', status=status.HTTP_200_OK)
else:
return HttpResponse(dumps({'message': 'Not Login!'}), content_type='application/json', status=status.HTTP_401_UNAUTHORIZED)
def my_logout(request):
print(request.session.session_key)
print(f"my_logout Is Login: {request.user.is_authenticated}")
logout(request)
return HttpResponse(dumps({'message': 'Logout Success!'}), content_type='application/json', status=status.HTTP_200_OK)
urls.py
urls.py
urlpatterns = [
path('login/', LoginAPI.as_view()), # new web
path('logout/', my_logout), # new web
]
React Code
export default class App extends Component {
testRequest = () => {
axios({
method: 'GET',
url: 'http://server:8049/login/',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
withCredentials: true
}).then(res => {
alert(res.data)
})
}
handleSubmit = (event) => {
event.preventDefault()
this.testRequest()
axios.defaults.withCredentials = true;
const csrftoken = GetCookie('csrftoken')
console.log(csrftoken)
const data = new FormData(event.currentTarget);
axios({
method: 'POST',
url: 'http://server:8049/login/',
dataType: 'json',
data: {
'username': data.get('username'),
'password': data.get('password'),
},
headers: {
"X-CSRFtoken": csrftoken,
'Accept': 'application/json',
'Content-Type': 'application/json',
},
timeout: 100000000000,
withCredentials: true
}).then(res => {
console.log(res)
}).catch(res => {
console.log(res)
})
}
render() {
return (
<div><Box component="form" onSubmit={this.handleSubmit} noValidate sx={{mt: 1}}>
<TextField
margin="normal"
required
fullWidth
id="username"
label="UserName"
name="username"
autoComplete="username"
autoFocus
/>
<TextField
margin="normal"
required
fullWidth
name="password"
label="Password"
type="password"
id="password"
autoComplete="current-password"
/>
<FormControlLabel
control={<Checkbox value="remember" color="primary"/>}
label="Remember me"
/>
<Button
type="submit"
fullWidth
variant="contained"
sx={{mt: 3, mb: 2}}
>
Sign In
</Button>
<Grid container>
<Grid item xs>
<Link href="http://http://my domain name:8049/logout/"variant="body2">
logout
</Link>
</Grid>
<Grid item>
<Link href="#" variant="body2">
{"Don't have an account? Sign Up"}
</Link>
</Grid>
</Grid>
</Box>
</Box>
</div>)
}
}
Apache Code
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /home/ec2-user/project_path
ServerName www.my domain name.com
ServerAlias my domain name.com
ProxyPass / http://localhost:8048/
ProxyPassReverse / http://localhost:8048/
</VirtualHost>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
更改
允许的_hosttowerse_hosts = ['*']。Change
ALLOWED_HOSTStoALLOWED_HOSTS = ['*'].一时兴起,我将子域分配给前端和后端。
这是否可以保证是同源的。
在这种情况下,我发送了一个请求,发现后端域名成功存储了SessionID,并成功地确定了下一个请求中的登录状态。尽管这很奇怪,但确实可以满足我的需求。
On a whim, I assigned subdomains to the frontend and backend.
Is this guaranteed to be homologous.
I sent a request in this case, and found that the backend domain name successfully stored the sessionid, and successfully determined the login status in the next request. Although it is very strange, it does fulfill my needs.