我正在为我的应用程序使用Django auth系统 . 我使用 AbstractUser 功能创建了一个 CustomUser 表来添加更多字段 .

//models.py

from django.contrib.auth.models import AbstractUser
from django.contrib.sessions.models import Session

class CustomUser(AbstractUser):

    addr1= models.CharField(max_length=20)
    addr2= models.CharField(max_length=20)
    city= models.CharField(max_length=20)
    state= models.CharField(max_length=20)

class UserSession(models.Model):
    user= models.ForeignKey(settings.AUTH_USER_MODEL)
    session=models.ForeignKey(Session)

//views.py

from .models import UserSession
from django.contrib.auth.signals import user_logged_in

def login(request):
    username = request.POST['username']
    password = request.POST['password']
    user = authenticate(username=username, password=password)
    if user is not None:
        if user.is_active:
            login(request, user)
            return HttpResponseRedirect('/Student_home.html')  # Redirect to a success page.
        else:
            return HttpResponse("disabled account")  # Return a 'disabled account' error message

    else:
        return HttpResponse("invalid login")  # Return an 'invalid login' error message.

def logout(request):
    logout(request)
    return HttpResponseRedirect('/Student_home.html')  # Redirect to a success page.

def user_logged_in_handler(sender,request,user, **kwargs):
    UserSession.objects.get_or_create(
        user= user,
        session_id= request.session.session_key
        )
user_logged_in.connect(user_logged_in_handler, sender=CustomUser)

def delete_user_sessions(CustomUser):
    user_sessions=UserSession.objects.filter(user=CustomUser)
    for user_session in user_sessions:
        user_session.session.delete()

//forms.py

from django.contrib.auth.forms import AuthenticationForm 
from django import forms

class LoginForm(AuthenticationForm):
    username = forms.CharField(label="Username", max_length=30, 
                               widget=forms.TextInput(attrs={'class': 'form-control', 'name': 'username'}))
    password = forms.CharField(label="Password", max_length=30, 
                               widget=forms.TextInput(attrs={'class': 'form-control', 'name': 'password'}))

//project/urls.py(外面的)

from django.contrib.auth import views
from student.forms import LoginForm

url(r'^login/$', views.login, {'template_name': 'login.html', 'authentication_form': LoginForm}, name='login'),
    url(r'^logout/$', views.logout, {'next_page': '/login'}),

//login.html

<div class="container">
        <section id="content">
            <form action="{% url 'login' %}" method="post" enctype="multipart/form-data">
                {% csrf_token %}
                <h1>Login Form</h1>

                <div class="imgcontainer">
                    <img src="{% static 'student/patient.jpg' %}" alt="Avatar" class="avatar">

                </div>

                <div class="username">
                    {{ form.username.label_tag }}
                    {{ form.username }}                 
                </div>

                <div class="password">
                    {{ form.password.label_tag }}
                    {{ form.password }}
                </div>

                <div class="submitb">
                    <input type="submit" value="Log In" name="mybtn">

                </div>

                <div class="resetb">
                    <input type="submit" value="Reset">
                    <a href="#forgotpwd">Forgot password?</a>

                </div>

                <input type="hidden" name="next" value="{{ next }}" />




            </form>
        </section>




    </div>

//settings.py

LOGIN_REDIRECT_URL = '/login/sample'

登录系统和身份验证系统工作正常 . 但这是问题所在 . 它没有't take any action when the user can'登录(错误的用户名和密码) . 但它确实被重定向到'sample'页面,我猜这是 settings.py 中的东西 . 此外,当用户注销时,用户不会被重定向到任何页面,尽管我已指定应将其重定向到主页 . 我认为控件没有进入'login'和'logout'视图 . 当用户注销时,会话也不会被删除,因为这些会话在django auth系统的'login()'和'logout()'函数上创建和删除 .

这有什么不对?

python django session django-authentication