# 1.login() # 用戶第一次登錄,后端用session保留登錄狀態,並標記了一個sessonid在請求中; # 1.如果沒有新用戶提交登錄,就將原保存在request中的user返回,保持登錄狀態; # 2.如果有新用戶提交登錄,對user中密碼進行加密: # 通過hash中的md5,傳入參數有:加密鹽,密碼,settings.py中設置SECRET_KEY; # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. # 如果新的用戶登錄; # 為了避免存在的session與其他認證通過的用戶一致,需要清除原來的session, # 並且重新創建一個session來存放新用戶; # 源碼中有這么兩個判斷: if user is None: user = request.user ... if hasattr(request, 'user'): request.user = user # 如果有新用戶發起登錄請求,就將這個對象放到request中; # 所以在前端可以通過{% if request.user.is_authenticated %}來判斷是否登錄; # rotate_token(request) # 這個方法對防csrf跨站請求偽造,在表單input增加的value進行了update隨機更新操作; # 每次登錄都會更新一次; # user_logged_in.send(sender=user.__class__, request=request, user=user) # Returns a list of tuple pairs [(receiver, response), ... ]. # 下面這段話大致的意思是,如果django中的信號器只有一條線路,那么當某一個用戶 # 登錄產生異常的話,線路上的其他用戶也會接受到錯誤信息; # 所以,django將每個用戶以各自返回的數據放到元組中,以列表的形式return給send(); """ Send signal from sender to all connected receivers. If any receiver raises an error, the error propagates(傳播) back through send, terminating(結束) the dispatch(派遣) loop, so it is quite possible to not have all receivers called if a raises an error. Arguments: sender The sender of the signal Either a specific object or None. named Named arguments which will be passed to receivers. Returns a list of tuple pairs [(receiver, response), ... ]."""