使用Django停用匿名用户Cookie [英] Disable anonymous user cookie with Django
问题描述
我对我的网站使用django auth,需要安装会话中间件。
I use django auth for my website, which needs to have the session middleware installed.
Django会话中间件总是添加会话cookie,即使对于匿名用户未经认证)。
Django session middleware always adds a session cookie, even for anonymous users (users that are not authenticated). When they authenticate the cookie is replaced by another one indicating the user is logged-in.
我想禁用匿名用户cookie以用于缓存目的(varnish)。
I want to disable the anonymous user cookie for caching purposes (varnish).
有没有办法在不删除会话中间件的情况下禁用匿名用户Cookie,这是应用程序使用auth所必需的?
Is there a way to disable anonymous user cookies without removing session middleware which is necessary for apps using auth?
推荐答案
会话数据在 process_response
的 SessionMiddleware
中的cookie中设置。此函数不使用任何设置或 request.user
,因此您无法在此方法内部了解用户是登录用户还是匿名用户。
Session data is set in the cookie in the process_response
of SessionMiddleware
. This function doesn't use any setting or request.user
, so you do not have any way of knowing inside this method whether the user is a logged in user or an anonymous user. So, you can't disable sending the session cookie to the browser.
但是如果你想要这个功能,你可以将 SessionMiddleware
,并覆盖 process_response
。
However if you want this functionality then you can subclass SessionMiddleware
and overide process_response
.
from django.contrib.sessions.middleware import SessionMiddleware
from django.conf import settings
class NewSessionMiddleware(SessionMiddleware):
def process_response(self, request, response):
response = super(NewSessionMiddleware, self).process_response(request, response)
#You have access to request.user in this method
if not request.user.is_authenticated():
del response.cookies[settings.SESSION_COOKIE_NAME]
return response
您可以使用 NewSessionMiddleware
代替 SessionMiddleware
。
MIDDLEWARE_CLASSES = (
'django.middleware.common.CommonMiddleware',
'myapp.middleware.NewSessionMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.middleware.doc.XViewMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
)
这篇关于使用Django停用匿名用户Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!