Django: HTTPS for just login page?

Question

I just added this SSL middleware to my site http://www.djangosnippets.org/snippets/85/ which I used to secure only my login page so that passwords aren't sent in clear-text. Of course, when the user navigates away from that page he's suddenly logged out. I understand why this happens, but is there a way to pass the cookie over to HTTP so that users can stay logged in?

If not, is there an easy way I can use HTTPS for the login page (and maybe the registration page), and then have it stay on HTTPS if the user is logged in, but switch back to HTTP if the user doesn't log in?

There are a lot of pages that are visible to both logged in users and not, so I can't just designate certain pages as HTTP or HTTPS.

Recommended answer

Actually, modifying the middleware like so seems to work pretty well:

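from django.conf import settings
from django.http import HttpResponsePermanentRedirect

# Kwarg name used in URL patterns to flag HTTPS-only views
# (assumed value; the constant is not shown in the answer).
SSL = 'SSL'


class SSLRedirect:

    def process_view(self, request, view_func, view_args, view_kwargs):
        # Pop the per-view SSL flag so it is not passed on to the view.
        if SSL in view_kwargs:
            secure = view_kwargs[SSL]
            del view_kwargs[SSL]
        else:
            secure = False

        # Keep logged-in users on HTTPS for every page.
        # (On Django 1.10+ is_authenticated is a property: drop the parentheses.)
        if request.user.is_authenticated():
            secure = True

        # Redirect only when the current scheme differs from the wanted one.
        if not secure == self._is_secure(request):
            return self._redirect(request, secure)

    def _is_secure(self, request):
        if request.is_secure():
            return True

        # Handle the Webfaction case until this gets resolved in the request.is_secure()
        if 'HTTP_X_FORWARDED_SSL' in request.META:
            return request.META['HTTP_X_FORWARDED_SSL'] == 'on'

        return False

    def _redirect(self, request, secure):
        # settings.DOMAIN is a project-specific setting, not a Django built-in.
        protocol = secure and "https://secure" or "http://www"
        newurl = "%s.%s%s" % (protocol, settings.DOMAIN, request.get_full_path())
        if settings.DEBUG and request.method == 'POST':
            raise RuntimeError(
                """Django can't perform a SSL redirect while maintaining POST data.
                Please structure your views so that redirects only occur during GETs.""")

        return HttpResponsePermanentRedirect(newurl)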
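
The `_is_secure` helper in the answer accepts `X-Forwarded-SSL` from any client. As an added example (not part of the original answer, and written without Django so it runs stand-alone), here is the same redirect decision with the header honoured only when the direct peer is a known proxy; `TRUSTED_PROXIES`, the function names and the sample `META` dicts are assumptions constructed for illustration:

```python
import ipaddress

# Assumed address range of your own TLS-terminating proxy (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed request.META-style samples.
SAMPLES = {
    "via_proxy_tls": {"REMOTE_ADDR": "10.1.2.3", "HTTP_X_FORWARDED_SSL": "on"},
    "untrusted_peer": {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_SSL": "on"},
    "plain_http": {"REMOTE_ADDR": "10.1.2.3"},
}


def is_secure(meta, scheme="http"):
    """True only if the request arrived over TLS, directly or via our proxy."""
    if scheme == "https":
        return True
    # The header is only meaningful when our proxy set it; a request that
    # reaches the app from any other address can carry an arbitrary value.
    try:
        peer = ipaddress.ip_address(meta.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    if not any(peer in net for net in TRUSTED_PROXIES):
        return False
    return meta.get("HTTP_X_FORWARDED_SSL") == "on"


def redirect_scheme(meta, authenticated, view_wants_ssl, scheme="http"):
    """Same decision as the answer's process_view: 'https', 'http' or None."""
    want_secure = bool(view_wants_ssl or authenticated)
    if want_secure == is_secure(meta, scheme):
        return None  # already on the right scheme
    return "https" if want_secure else "http"


if __name__ == "__main__":
    for name, meta in SAMPLES.items():
        print(name, is_secure(meta), redirect_scheme(meta, True, False))
```

In the answer's flow the session cookie still travels over plain HTTP on the request that triggers the redirect; Django's `SESSION_COOKIE_SECURE` setting prevents that, at the cost of the user appearing logged out on HTTP pages.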
