我发送一个Ajax请求我的Django的服务器的角度登录页面(从角应用单独端口上侦听),我可以登录我的用户,但一个会话cookie不会在客户端的响应被退回以存储在角度应用程序。这里是我的后端settings.py貌似认证具体的东西:
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'corsheaders.middleware.CorsMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',]
# Here are the session specific settings
SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_AGE = 1800 # The age of session cookies, in seconds
CORS_ORIGIN_ALLOW_ALL = True
这里是迷上了我的登录路径我的登录视图功能:
@csrf_exempt
@require_POST
def login_view(request: HttpRequest):
payload = request.body.decode()
body = json.loads(payload)
username = body['username']
password = body['password']
user = authenticate(request, username=username, password=password)
if user is not None:
login(request, user)# Log the user in
return HttpResponse('Success')
else:
return HttpResponseBadRequest()
我试图使用基于cookie /会话验证,这样,如果用户关闭了页面和会话的时间届满前重新推出它,它会引导他们回到登陆页面,并为特定的输入选择字段只有某些选项应该根据用户要返回,这将需要通过会话认证来处理。有一些是不正确的在我的设置文件?
尝试设置SESSION_COOKIE_SECURE
和CSRF_COOKIE_SECURE
为False,也许是因为你的要求是不安全