Django 1.2会话丢失 [英] Django 1.2 session loss

问题描述

我之前也曾问过类似的问题，但我进行了更多研究，并且此迭代应该有所不同.似乎有几个SO用户在单一视图中注册和登录用户时遇到了问题，但实际上并没有得到解决.

I've asked a similar question before, but I've done some more research and this iteration should be a bit different. It seems as though several SO users have had an issue with registering and logging in users in a single view and it hasn't really been answered.

问题是我在单个Django视图中注册，认证和登录用户.对于大多数用户来说，这很好，但对于其他用户，他们的后续请求(他们单击我网站上的链接)将返回一个匿名用户.不知何故，已登录的用户丢失了会话，并被重定向到我的站点e上不需要身份验证的页面.

The issue is that I register, authenticate, and login a user in a single Django view. For most users that's fine, but for other users, their subsequent request (they click a link on my site) returns an Anonymous User. Somehow, the logged in user loses their session and is redirected to a page on my sit ethat doesn't require authentication.

当他们然后通过纯登录视图(而不是寄存器+登录视图)登录时，会话数据保持原样.问题实际上似乎是在单个视图中注册和登录.

When they then log in via a pure login view (as opposed to the register + login view), the session data stays in tact. The issue really seems to be registering and logging in a single view.

有关同一问题，请参见此帖子: https://stackoverflow.com/questions/1693726/problem-with-combined-authentication-login-view .

See this post for the same issue: https://stackoverflow.com/questions/1693726/problem-with-combined-authentication-login-view.

已建议这可能是线程问题.我还看到它建议它与缓存会话数据的后端有关.

It has been suggested that this is potentially a threading issue. I've also seen it suggested that it relates to the backend for caching session data.

对它真正与之相关的任何想法吗?我无法重现该错误，这确实使我退缩了.

Any thoughts on what it really relates to? I can't reproduce the error, which is really holding me back.

编辑-我应该注意，我正在使用默认的数据库支持的会话.

EDIT--I should note that I'm using the default database backed sessions.

这是我的注册/登录视图

Here is my register/login view

def splash_register(request):
  if request.session.get('beta'):

    if request.method=='POST':
        userform=MyUserCreationForm(request.POST)
        if userform.is_valid():
            #username of <30 char is required by Django User model.  I'm storing username as a hash of user email 

            user=userform.save(commit=False)
            user.username=hash(user.email)
            user.save()



            username=user.username
            password=str(userform.cleaned_data['password'])
            user=auth.authenticate(username=username, password=password)
            if user is not None:
                auth.login(request,user)
                request.session['first_visit']=True
                return HttpResponseRedirect("/")
            else:
                return HttpResponseRedirect('/splash/register/')
        else:
            userform=MyUserCreationForm(request.POST)
            return render_to_response("website/splash_register.html", {'userform':userform}, context_instance=RequestContext(request))
    return render_to_response("website/splash_register.html", context_instance=RequestContext(request))     
else:
    return HttpResponseRedirect('/splash/')        

推荐答案

您不必使用身份验证，在这种情况下，它并不是真正需要的.您所需要做的就是设置用户记录的后端.

You don't have to use authenticate and, in this scenario, it's not really needed. All you need to do is set the backend of the user record.

所以类似的事情会起作用:

So something like this would work:

def splash_register(request):
  if request.session.get('beta'):

    if request.method=='POST':
        userform=MyUserCreationForm(request.POST)
        if userform.is_valid():
            #username of <30 char is required by Django User model.  I'm storing username as a hash of user email 

            user=userform.save(commit=False)
            user.username=hash(user.email)
            user.backend='django.contrib.auth.backends.ModelBackend'
            user.save()


            username=user.username
            password=str(userform.cleaned_data['password'])
            auth.login(request, user)
            request.session['first_visit']=True
            return HttpResponseRedirect("/")
        else:
            userform=MyUserCreationForm(request.POST)
            return render_to_response("website/splash_register.html", {'userform':userform}, context_instance=RequestContext(request))
    return render_to_response("website/splash_register.html", context_instance=RequestContext(request))     
else:
    return HttpResponseRedirect('/splash/')

更新

我在评论中提到了这一点，但是对于答案"而言，解决方案是将其添加到您的设置文件中:

Update

I mentioned this in a comment, but in terms of an "answer" the solution is to add this to your settings file:

SESSION_COOKIE_DOMAIN = 'yourdomain.com'

这将允许来自www.yourdomain.com 或 yourdomain.com的用户登录网站.

This will allow users coming in from www.yourdomain.com or yourdomain.com to log in to the website.

这篇关于Django 1.2会话丢失的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！