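# 1. login()
# When a user logs in for the first time, the backend keeps the login state in the
# session and marks the request with a sessionid;
# 1. If no new user submits a login, the user already stored on the request is
#    returned and the login state is kept;
# 2. If a new user submits a login, the password in user is encrypted:
#    via md5 from hash, with these arguments passed in: the salt, the password,
#    and the SECRET_KEY set in settings.py;

# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
# If a new user logs in:
# to keep the existing session from coinciding with that of another authenticated
# user, the old session has to be cleared and a new session created to hold the
# new user;

# The source contains these two checks:
if user is None:
    user = request.user
...
if hasattr(request, 'user'):
    request.user = user
# If a new user makes a login request, that object is placed on the request;
# so the front end can use {% if request.user.is_authenticated %} to check whether
# the user is logged in;

# rotate_token(request)
# This method serves CSRF (cross-site request forgery) protection: it randomly
# updates the value added to the form input;
# it is updated once on every login;

# user_logged_in.send(sender=user.__class__, request=request, user=user)
# Returns a list of tuple pairs [(receiver, response), ... ].
# The passage below roughly means: if Django's signal dispatcher has only one line,
# then when one user's login raises an exception, the other users on that line
# also receive the error;
# so Django puts each user's returned data into a tuple and returns them to send()
# as a list;
"""
Send signal from sender to all connected receivers.

If any receiver raises an error, the error propagates back through send,
terminating the dispatch loop, so it is quite possible to not have all
receivers called if a receiver raises an error.

Arguments:

    sender
        The sender of the signal. Either a specific object or None.

    named
        Named arguments which will be passed to receivers.

Returns a list of tuple pairs [(receiver, response), ... ].
"""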
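The session handling described in these notes, as an added example that is not part of the original notes and is not Django's own code: a simplified model of how login() decides between keeping, re-keying and flushing the session. ToySession, session_auth_hash, the HMAC-SHA256 construction and every sample value are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

SESSION_KEY, HASH_SESSION_KEY = "_auth_user_id", "_auth_user_hash"
SECRET_KEY = "constructed-demo-secret"  # constructed; stands in for settings.SECRET_KEY


class ToySession(dict):
    """Dict-backed stand-in for a server-side session (hypothetical class)."""

    def __init__(self):
        super().__init__()
        self.session_key = secrets.token_hex(16)

    def cycle_key(self):
        # Keep the stored data, replace the identifier the browser holds.
        self.session_key = secrets.token_hex(16)

    def flush(self):
        # Drop the stored data and replace the identifier.
        self.clear()
        self.cycle_key()


def session_auth_hash(password_hash):
    # Assumption of this sketch: HMAC-SHA256 over the stored password hash.
    return hmac.new(SECRET_KEY.encode(), password_hash.encode(),
                    hashlib.sha256).hexdigest()


def login(session, user_id, password_hash):
    """Bind user_id to the session and return the action taken on it."""
    new_hash = session_auth_hash(password_hash)
    if SESSION_KEY in session:
        same_user = session[SESSION_KEY] == user_id
        # Constant-time comparison so timing does not leak the stored hash.
        same_hash = hmac.compare_digest(session.get(HASH_SESSION_KEY, ""), new_hash)
        if same_user and same_hash:
            action = "kept"
        else:
            session.flush()  # different user or changed password: start empty
            action = "flushed"
    else:
        session.cycle_key()  # anonymous to authenticated: new id blocks fixation
        action = "cycled"
    session[SESSION_KEY] = user_id
    session[HASH_SESSION_KEY] = new_hash
    return action
```

A pre-login session identifier never survives authentication in this model, and data left by one account is never visible to the next account that logs in on the same browser.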
