Take a look at the api view from django-rest-framework-jwt. It's an implementation for creating auth tokens rather than cookie sessions, but your implementation will be similar. See views.pyand serializers.py. You can probably use the serializers.pyunchanged, and just adjust your views to return the right parameters and possibly set the session cookie (can't recall if that's already performed in authentication).

查看django-rest-framework-jwt的 api 视图。它是用于创建身份验证令牌而不是 cookie 会话的实现，但您的实现将是相似的。查看views.py和serializers.py。您可能可以使用未serializers.py更改的，只需调整您的视图以返回正确的参数并可能设置会话 cookie（不记得是否已经在身份验证中执行了）。

If you want something like this I do the same thing however I use Token authentication.

如果你想要这样的东西，我会做同样的事情，但是我使用令牌身份验证。

Check out their token page here

在此处查看他们的令牌页面

This may not be what you want but the way I do it is (since I'm using it as a rest api endpoints for mobile clients)

这可能不是您想要的，但我这样做的方式是（因为我将它用作移动客户端的 rest api 端点）

I can do my url localhost:8000/api/users/ -H Authorization : Token A browser could then use the regular login page that you create at the provided rest framework url

我可以做我的网址localhost:8000/api/users/ -H Authorization : Token 然后浏览器可以使用您在提供的休息框架网址中创建的常规登录页面

url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')

url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework')

and to get tokens for 'login-less' navigation

并获得“免登录”导航的令牌

url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token')

url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token')

Then if you make calls and such you can pass the authorization tokens. Of course this is just how I do it and it's probably not the most efficient way but my goal was to create a way that I can provide users with session authentication for browsers and mobile access via tokens.

然后，如果您拨打电话等，您可以传递授权令牌。当然，这就是我的做法，它可能不是最有效的方法，但我的目标是创建一种方法，我可以通过令牌为用户提供浏览器和移动访问的会话身份验证。

Then in your views.py make sure you add the authentication requirements for that view. Almost the same as session authentication section

然后在您的 views.py 中确保为该视图添加身份验证要求。与会话身份验证部分几乎相同

permission_classes = (permissions.IsAdminUser,)

permission_classes = (permissions.IsAdminUser,)

but also include

但也包括

authentication_classes = (authentication.TokenAuthentication,)

authentication_classes = (authentication.TokenAuthentication,)

I hope this helps but if not, good luck on your search.

我希望这会有所帮助，但如果没有，祝您搜索顺利。

Of course token is a good way to authenticate, but questioner is asking about session authentication.

当然令牌是一种很好的身份验证方式，但提问者正在询问会话身份验证。

Request:

要求：

POST /api/v1/login  username='username' password='password' 

• Put csrftokenvalue at X-CSRFTokenin header
• Even though someone using emailas username filed, usernamename parameter is required for email input (e.g. username='[email protected]')

• 将csrftoken值X-CSRFToken放在标题中
• 即使有人使用email作为用户名提交，username电子邮件输入也需要名称参数（例如username='[email protected]'）

Response:

回复：

302 FOUND sessionid="blahblah"

• If you not specified nextvalue, it will automatically redirect into /accounts/profile/which can yield 404 error

• 如果你没有指定next值，它会自动重定向到/accounts/profile/哪个会产生 404 错误

Adding our views:

添加我们的观点：

from rest_framework_jwt.views import refresh_jwt_token

urlpatterns = [
    ...
    url(r'^rest-auth/', include('rest_auth.urls')),
    url(r'^rest-auth/registration/', include('rest_auth.registration.urls')),
    ...
    url(r'^refresh-token/', refresh_jwt_token),
]