{"id":5587,"date":"2022-11-16T02:40:20","date_gmt":"2022-11-16T02:40:20","guid":{"rendered":"https:\/\/www.pythontutorial.net\/?page_id=5587"},"modified":"2022-12-03T04:35:17","modified_gmt":"2022-12-03T04:35:17","slug":"django-sessions","status":"publish","type":"page","link":"https:\/\/www.pythontutorial.net\/django-tutorial\/django-sessions\/","title":{"rendered":"Django Sessions"},"content":{"rendered":"\n

Summary<\/strong>: in this tutorial, you’ll learn about how Django sessions work and how to set various settings for the session.<\/p>\n\n\n\n

Introduction to Django sessions #<\/a><\/h2>\n\n\n\n

Django has a session framework that supports both anonymous and user sessions. Django uses the session middleware to send and receive cookies.<\/p>\n\n\n\n

The following picture illustrates how the Django sessions work:<\/p>\n\n\n\n

\"django<\/figure>\n\n\n\n

When a web browser makes the first HTTP request to the web server, the session middleware starts a new session. The session middleware generates a large and random number which is called a session identifier and sends it back to the web browser as a cookie.<\/p>\n\n\n\n

For the subsequent requests, the session middleware matches the value sessionid<\/code> in the cookie sent by the web browser with the session identifier stored on the web server and associates the session data with the HTTP request object.<\/p>\n\n\n\n

To use sessions, you need to ensure that the MIDDLEWARE<\/code> settings of your project (settings.py<\/code>) contain the session middleware like this:<\/p>\n\n\n

MIDDLEWARE = [\n<\/span><\/span>    # other middleware<\/span>\n<\/span><\/span>    'django.contrib.sessions.middleware.SessionMiddleware'<\/span>,\n<\/span><\/mark>    # ...<\/span>\n<\/span><\/span>]\n<\/span><\/span><\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\n
The session middleware is added to the MIDDLEWARE<\/code> by default when you create a new project using the startproject<\/code> command.<\/p>\n\n\n\n
The session middleware enables sessions via the session<\/code> property of the request object (HttpRequest<\/code>):<\/p>\n\n\n
request.session<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\n
The request.session<\/code> is a dictionary that allows you to store and retrieve session data. The request.session<\/code> accepts any object that can be serialized to JSON by default.<\/p>\n\n\n\n
Unlike other objects, the request.session<\/code> persists from one HTTP request to the next request.<\/p>\n\n\n\n
To set a variable in the session, you can use the request.session<\/code> like this:<\/p>\n\n\n
request.session['visit'<\/span>] = 1<\/span><\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\n
This statement sets the visit variable to 1.<\/p>\n\n\n\n
To retrieve a session key, you use the get()<\/code> method of the request.session<\/code> object:<\/p>\n\n\n
request.session.get('visit'<\/span>)<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\n
To delete a key in the session, you use the del<\/code> statement:<\/p>\n\n\n
del<\/span> request.session['visit'<\/span>]<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\n
Setting Django sessions #<\/a><\/h2>\n\n\n\n
By default, Django stores session data in a database using the Session<\/code> model of the django.contrib.sessions<\/code> application. However, you can choose other session engines using the SESSION_ENGINE<\/code>.<\/p>\n\n\n\n
Django provides you with the following options for storing session data:<\/p>\n\n\n\n
Options<\/th>Description<\/th><\/tr><\/thead>
Database sessions<\/td>Store session data in the django_session of the database. This is the default engine.<\/td><\/tr>
File-based sessions<\/td>Store session data in the filesystem.<\/td><\/tr>
Cached sessions<\/td>Store session data in a cache backend. To set the cache backend, you use the CACHES<\/code> setting.<\/td><\/tr>
Cached database sessions<\/td>Store session data in a write-through cache and database. If the data is not in the cache, Django will read the session data from the database.<\/td><\/tr>
Cookie-based sessions<\/td>Store session data in the cookies that are sent to the web browser.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Note that a cache-based session engine provides better performance in comparison with other session engines. <\/p>\n\n\n\n
Django supports Memcached out of the box. In addition, you can find a third-party package for managing cache backends for Redis and other cache systems.<\/p>\n\n\n\n
Besides the SESSION_ENGINE<\/code>, Django allows you to customize sessions with specific settings. The following table list the most important ones:<\/p>\n\n\n\n
Session settings<\/th>Description<\/th><\/tr><\/thead>
SESSION_COOKIE_AGE<\/td>The duration of session cookies in session. The default is two weeks (1,209,600 seconds)<\/td><\/tr>
SESSION_COOKIE_DOMAIN<\/td>Set the domain for session cookies. <\/td><\/tr>
SESSION_COOKIE_HTTPONLY<\/td>Set to True to prevent JavaScript from accessing the session cookie. It defaults to True, which increases security against user session hijacking.<\/td><\/tr>
SESSION_COOKIE_SECURE<\/td>Set to True to indicate that the cookie should only be sent if the connection is an HTTPS connection. It defaults to False.<\/td><\/tr>
SESSION_EXPIRE_AT_BROWSER_CLOSE<\/td>Set to True to expire the session when you close the browser. Its default value is False. If you set this to True, the SESSION_COOKIE_AGE won’t have any effect.<\/td><\/tr>
SESSION_SAVE_EVERY_REQUEST<\/td>Set to True to save the session and update session expiration to the database on every request. It defaults to False.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Django sessions example #<\/a><\/h2>\n\n\n\n
First, add a URL to the urlpatterns<\/code> in the urls.py<\/code> file:<\/p>\n\n\n
urlpatterns = [\n    path('visit\/'<\/span>, views.count_visit, name='visit'<\/span>)\n]<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\n
When you navigate to http:\/\/localhost:8000\/visit<\/code>, the count_visit<\/code> function in views.py will execute.<\/p>\n\n\n\n
Second, define the count_visit()<\/code> function in the views.py<\/code> file: <\/p>\n\n\n
def<\/span> count_visit<\/span>(request)<\/span>:<\/span>\n    visit = request.session.get('visit'<\/span>,0<\/span>) + 1<\/span>\n    request.session['visit'<\/span>] = visit\n    return<\/span> HttpResponse(f\"Visit count:{request.session['visit'<\/span>]}<\/span>\"<\/span>)<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\n
The count_visit()<\/code> function uses the request.session<\/code> to increase the visit<\/code> variable each time you visit the http:\/\/localhost:8000\/visit<\/code> URL. It also displays the current value of the visit<\/code> variable on the web page:<\/p>\n\n\n\n
\"django<\/figure>\n\n\n\n
The value of the sessionid is corresponding with the session_key in the django_session table:<\/p>\n\n\n\n
\"django<\/figure>\n\n\n\n
The session data is a string encoded using base64. To analyze it, you use the following code:<\/p>\n\n\n
from<\/span> base64 import<\/span> b64decode\n\ndata = base64decode('eyJ2aXNpdCI6MTF9:1ov84c:qngX5Woil1EDwGGylot0OrQtche6734UOApKJ4yp-BA'<\/span>)\nprint(data)<\/code><\/span>Code language:<\/span> Python<\/span> (<\/span>python<\/span>)<\/span><\/small><\/pre>\n\n\n
Output:<\/p>\n\n\n
b'{\"visit\":11}\\xd6\\x8b\\xfc\\xe1\\xca\\xa7\\x81~V\\xa2)u\\x10<\\x06\\x1b)h\\xb7C\\xabB\\xd7!{\\xae\\xf7\\xe1C\\x80\\xa4\\xa2x\\xca\\x90@'<\/code><\/span>Code language:<\/span> plaintext<\/span> (<\/span>plaintext<\/span>)<\/span><\/small><\/pre>\n\n\n
Summary #<\/a><\/h2>\n\n\n\n
    \n
  • A session is a variable that lives across requests.<\/li>\n\n\n\n
  • Django uses session middleware to manage sessions.<\/li>\n\n\n\n
  • Use request.session<\/code> to manage session data.<\/li>\n<\/ul>\n
    \n\t
    \n\t\t
    Was this tutorial helpful ?<\/div>\n\t\t
    \n\t\t\t\n\t\t\t\t\n\t\t\t\t\t<\/path>\n\t\t\t\t<\/svg>\n\t\t\t\t Yes <\/span>\n\t\t\t<\/button>\n\n\t\t\t\n\t\t\t\t\n\t\t\t\t\t<\/path>\n\t\t\t\t<\/svg>\n\t\t\t\t No <\/span>\n\t\t\t<\/button>\n\t\t<\/div>\n\t<\/header>\n\n\t
    \n\t\t
    \n\t\t\t
    <\/div>\n\t\t\t