In Web development, Session and Cookie are two common technologies that are used to transfer data between the client and the server. Session is a server-side technology that saves user data on the server side, while Cookie is a client-side technology that saves user data in the browser.
Session is a technology that saves user data on the server side. In Django, Session is implemented through SessionMiddleware, which reads the user's Session data from storage before each request is processed and saves it in request. session attribute, so that the view function can access the Session data.
To use Session, you need to activate SessionMiddleware in the configuration file of the Django project, so that Django will automatically create a Session object for each request. Add django.contrib.sessions.middleware.SessionMiddleware to MIDDLEWARE to activate SessionMiddleware.
MIDDLEWARE = [
# ...
'django.contrib.sessions.middleware.SessionMiddleware',
# ...
]Django’s Session has a variety of storage methods, including databases, caches, file systems, etc. In the Django configuration file, you can specify the storage method of Session through SESSION_ENGINE, and specify the expiration time of Session through SESSION_COOKIE_AGE.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache' SESSION_CACHE_ALIAS = 'default' SESSION_COOKIE_AGE = 86400
The above configuration indicates that the Session is stored in the cache, using the default cache, and the Session expiration time is 1 day.
Using Session in the view function is very simple, you only need to access the request.session property. The following is an example of using Session:
def index(request):
count = request.session.get('count', 0)
request.session['count'] = count + 1
return HttpResponse('count: %d' % count)In the above example, we accessed the request.session property and used the get method to obtain the object named count Session data. If the count data does not exist in the Session, the get method will return the default value 0. Then, we increment count by 1 and save it to the Session. When the user accesses the view function again, we can obtain the previously saved count data, then add 1 to it and update it to the Session.
It should be noted that the data saved in Session has a size limit. In the Django configuration file, you can specify the Session size limit through SESSION_COOKIE_MAX_SIZE. If the data saved in the Session exceeds the limit, a SuspiciousOperation exception will be thrown.
Cookie is a technology that saves user data on the client side. In Django, you can use HttpRequest and HttpResponse objects to read and write cookies.
In the HttpRequest object, all cookies can be accessed through the COOKIES attribute. The following is an example of reading Cookie:
def index(request):
count = request.COOKIES.get('count', 0)
response = HttpResponse('count: %d' % count)
response.set_cookie('count', count + 1)
return response In the above example, we accessed the request.COOKIES property and used the get method to obtain the cookie named count of cookies. If count data does not exist in the cookie, the get method will return the default value 0. We then increment count by 1 and save it to the cookie. Finally, we return a HttpResponse object and use the set_cookie method to save the updated count to the cookie.
It should be noted that the data saved in Cookie also has size limits. Cookie size limits may differ in different browsers. In Django, you can specify the cookie size limit through SESSION_COOKIE_MAX_SIZE. If the data saved in the cookie exceeds the limit, a SuspiciousOperation exception will be thrown.
In the HttpResponse object, you can use the set_cookie method to write Cookie. The following is an example of writing to Cookie:
def index(request):
response = HttpResponse('Hello, world!')
response.set_cookie('name', 'value', max_age=3600, expires=None, path='/', domain=None, secure=False, httponly=False, samesite=None)
return response In the above example, we create a HttpResponse object and use the set_cookie method to set the value named ## Cookies with #name and value value are written into the response. max_ageThe parameter specifies the maximum lifespan of the cookie, in seconds. expiresThe parameter specifies the expiration time of the cookie. If not specified, it means that the cookie expires when the browser is closed. The path parameter specifies the cookie's action path, that is, only requests under the specified path will carry the cookie. The domain parameter specifies the scope of the cookie, that is, only requests to access the specified domain name will carry the cookie. secureThe parameter specifies whether the cookie can only be transmitted through the HTTPS protocol. httponlyThe parameter specifies whether the cookie can only be accessed through the HTTP protocol and not through JavaScript. samesiteThe parameter specifies the SameSite attribute of the cookie, that is, it specifies whether the cookie can only be used within the same site.
When using Session and Cookie, you should choose the appropriate technology based on the specific application scenario. Generally speaking, if you need to store a large amount of data or need to ensure data security, you should use Session technology; if you need to store a small amount of data or need to share data between clients, you should use Cookie technology.
In addition, it should be noted that both Session and Cookie have security risks. If the Session or Cookie is intercepted by a malicious attacker, the user's data will be leaked. Therefore, when using Sessions and Cookies, appropriate security measures should be selected based on specific application scenarios, such as using the HTTPS protocol to transmit data, setting the HttpOnly attribute of Cookies, etc.
The above is the detailed content of How to deal with Session and Cookie in Python. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
