为什么关闭浏览器后SESSION_EXPIRE_AT_BROWSER_CLOSE = True不注销用户？ [英] Why doesn't SESSION_EXPIRE_AT_BROWSER_CLOSE = True log the user out when the browser is closed?

问题描述

根据Django文档，如果SESSION_EXPIRE_AT_BROWSER_CLOSE设置为True，则Django将使用浏览器长度的cookie，这些cookie会在用户关闭浏览器后立即失效。如果您希望人们必须登录，请使用此cookie。每次他们打开浏览器时。

According to Django documentation, "if SESSION_EXPIRE_AT_BROWSER_CLOSE is set to True, Django will use browser-length cookies -- cookies that expire as soon as the user closes his or her browser. Use this if you want people to have to log in every time they open a browser."

这就是我通过在我的settings.py文件中添加以下行（然后重新启动服务器）来完成的：

And that is what I did by adding the following line to my settings.py file (and restarting the server):

# Close the session when user closes the browser
SESSION_EXPIRE_AT_BROWSER_CLOSE = True

然后我登录到检查用户是否已通过身份验证的页面，然后关闭浏览器。当我再次打开浏览器并访问同一页面时，它不要求输入用户名和密码，因为它显然通过了以下测试：

Then I logged into a page which checks if the user is authenticated, and then I closed the browser. When I open my browser again and visit the same page it does not ask for a username and a password because it passes the following test apparently:

def check_teacher(request):
    result = {}
    if request.user.is_authenticated():
        ...

我做错了什么或我错过了什么？

What am I doing wrong or what am I missing? Any suggestions?

我在Ubuntu GNU / Linux 10.10系统上使用Django 1.3 pre-alpha SVN-13858，并使用Django开发服务器运行以上示例。

I'm using Django version 1.3 pre-alpha SVN-13858 on my Ubuntu GNU/Linux 10.10 system and running the above example using the Django development server.

推荐答案

关闭标签页或窗口不算是关闭浏览器。确保退出浏览器程序以结束浏览器会话。

Closing the tab or window does not count as closing the browser. Make sure you quit the browser program to end a browser session.

如果这样做没有帮助，请使用Firefox中的FireBug或Safari中的Web Inspector仔细检查对您的初始网页点击的响应。初始页面点击可能是很多事情之一；首次打开浏览器时，注销时或清除cookie之后立即。使用 SESSION_EXPIRE_AT_BROWSER_CLOSE = True ，您应该在标题中看到以下内容：

If that does not help, use FireBug in firefox or Web Inspector in Safari to double check the headers in the response on your initial page hit. The initial page hit can be one of many things; when you first open the browser, when you logout or immediately after clearing cookies. With SESSION_EXPIRE_AT_BROWSER_CLOSE = True you should see something like this in the header:

Set-Cookie:sessionid=f4c06139bc46a10e1a30d5f0ab7773e2; Path=/

当 SESSION_EXPIRE_AT_BROWSER_CLOSE = False expires = ... 值将被添加：

Set-Cookie:sessionid=a532f3d7dc314afc58e8f676ed72280e; expires=Wed, 03-Nov-2010 17:08:45 GMT; Max-Age=1209600; Path=/

如果您很难看到 Set-Cookie 标头，因为重定向，您可以尝试使用 django-debug-toolbar 将重定向分为多个页面。

If you have a hard time seeing the Set-Cookie header because of redirects you can try using django-debug-toolbar to break the redirects up into multiple pages.

这篇关于为什么关闭浏览器后SESSION_EXPIRE_AT_BROWSER_CLOSE = True不注销用户？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！