我刚刚将这个SSL中间件添加到我的网站http://www.djangosnippets.org/snippets/85/,我过去只保护我的登录页面,因此密码不会以明文形式发送.当然,当用户离开该页面时,他突然退出了.我理解为什么会这样,但有没有办法将cookie传递给HTTP,以便用户可以保持登录状态?
如果没有,是否有一种简单的方法可以将HTTPS用于登录页面(可能还有注册页面),然后在用户登录时保持HTTPS,但如果用户不登录则切换回HTTP在?
两个登录用户都可以看到很多页面,因此我不能将某些页面指定为HTTP或HTTPS.
实际上,像这样修改中间件似乎效果很好:
class SSLRedirect:
def process_view(self, request, view_func, view_args, view_kwargs):
if 'SSL' in view_kwargs:
secure = view_kwargs['SSL']
del view_kwargs['SSL']
else:
secure = False
if request.user.is_authenticated():
secure = True
if not secure == self._is_secure(request):
return self._redirect(request, secure)
def _is_secure(self, request):
if request.is_secure():
return True
#Handle the Webfaction case until this gets resolved in the request.is_secure()
if 'HTTP_X_FORWARDED_SSL' in request.META:
return request.META['HTTP_X_FORWARDED_SSL'] == 'on'
return False
def _redirect(self, request, secure):
protocol = secure and "https://secure" or "http://www"
newurl = "%s.%s%s" % (protocol,settings.DOMAIN,request.get_full_path())
if settings.DEBUG and request.method == 'POST':
raise RuntimeError, \
"""Django can't perform a SSL redirect while maintaining POST data.
Please structure your views so that redirects only occur during GETs."""
return HttpResponsePermanentRedirect(newurl)
| 归档时间: |
|
| 查看次数: |
7958 次 |
| 最近记录: |