Django會話在本地服務器上工作，但不在AWS服務器上

Question

在我的Django視圖中，我使用self.request.user來標識REST Framework API調用的用戶。當Django項目在我的筆記本電腦上的服務器上運行時，此代碼正常工作，代碼正確地獲取用戶。

我現在試圖在AWS EB上運行我的Django項目，並遇到self.request.user不再識別用戶的問題。正在進行API調用的應用程序代碼與Django服務器代碼完全相同。

我必須以某種方式調整我的服務器設置嗎？我的settings.py看起來是這樣的：

import os 

BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) 

SECRET_KEY = '9-s0gj3$)(--+mgc^3qhy=iva#azu+7a@3=' 

DEBUG = True 

ALLOWED_HOSTS = [] 

INSTALLED_APPS = [ 
    'grappelli', 
    'django.contrib.admin', 
    'django.contrib.auth', 
    'django.contrib.contenttypes', 
    'django.contrib.sessions', 
    'django.contrib.messages', 
    'django.contrib.staticfiles', 
    'django.contrib.sites', 
    'allauth', 
    'allauth.account', 
    'allauth.socialaccount', 
    'allauth.socialaccount.providers.facebook', 
    'allauth.socialaccount.providers.google', 
    'allauth.socialaccount.providers.linkedin', 
    'allauth.socialaccount.providers.twitter', 
    'corsheaders', 
    'rest_framework', 
    'rest_framework.authtoken', 
    'rest_auth', 
    'imagekit', 
    #'blog', 
    'storages', 
    'items', 
    'userprofile', 
    'dashboard', 
    'twip', 
    'django.contrib.gis' 
] 

SITE_ID = 1 

MIDDLEWARE_CLASSES = [ 
    'django.middleware.security.SecurityMiddleware', 
    'django.contrib.sessions.middleware.SessionMiddleware', 
    'corsheaders.middleware.CorsMiddleware', 
    'django.middleware.common.CommonMiddleware', 
    'django.middleware.csrf.CsrfViewMiddleware', 
    'django.contrib.auth.middleware.AuthenticationMiddleware', 
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware', 
    'django.contrib.messages.middleware.MessageMiddleware', 
    'django.middleware.clickjacking.XFrameOptionsMiddleware', 
] 

ROOT_URLCONF = 'mysite.urls' 

TEMPLATES = [ 
    { 
     'BACKEND': 'django.template.backends.django.DjangoTemplates', 
     'DIRS': [os.path.join(BASE_DIR, 'templates')], 
     'APP_DIRS': True, 
     'OPTIONS': { 
      'context_processors': [ 
       'django.template.context_processors.debug', 
       'django.template.context_processors.request', 
       'django.contrib.auth.context_processors.auth', 
       'django.contrib.messages.context_processors.messages', 
       "django.core.context_processors.request", 
      ], 
     }, 
    }, 
] 

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend', 
    'allauth.account.auth_backends.AuthenticationBackend', 
    ) 

LOGIN_REDIRECT_URL = '/' 

SOCIALACCOUNT_QUERY_EMAIL = True 

SOCIALACCOUNT_PROVIDERS = { 
    'facebook': { 
     'SCOPE': ['email', 'publish_stream'], 
     'METHOD': 'js_sdk' # instead of 'oauth2' 
    } 
} 

# :TO DO: Remove this when we test proper email confirmation on the EB server. This sends confirmation email to the console 
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' 

WSGI_APPLICATION = 'mysite.wsgi.application' 

# Postgresql database on AWS server 
DATABASES = { 
    'default': { 
     'ENGINE': 'django.db.backends.postgresql_psycopg2', 
     'NAME': '', 
     'USER' : '', 
     'PASSWORD' : '', 
     'HOST': '', 
     'PORT': '5432', 
    } 
} 

AUTH_PASSWORD_VALIDATORS = [ 
    { 
     'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', 
    }, 
    { 
     'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 
    }, 
    { 
     'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', 
    }, 
    { 
     'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', 
    }, 
] 

# Internationalization 
LANGUAGE_CODE = 'en-us' 

TIME_ZONE = 'Europe/Berlin' 

USE_I18N = True 

USE_L10N = True 

USE_TZ = True 


# STORE STATIC AND MEDIA FILES 
AWS_STORAGE_BUCKET_NAME = 'yhistory' 
AWS_ACCESS_KEY_ID = 'AKAAAA6AAAAYQ5JODCEA' 
AWS_SECRET_ACCESS_KEY = 'AAAATtVeCZLaAAAAQQxZ9g5biTJnAAAA7PP8YrlC' 
AWS_S3_CUSTOM_DOMAIN = '%s.s3.amazonaws.com' % AWS_STORAGE_BUCKET_NAME 

# Location of static files 
STATICFILES_LOCATION = 'static' 
PROJECT_ROOT = os.path.dirname(os.path.abspath(__file__)) 
STATIC_ROOT = os.path.join(PROJECT_ROOT, 'static') 
STATIC_URL = '/static/' 
STATICFILES_DIRS = (os.path.join('static'),) 

# Location of media files (photos etc.) 
MEDIAFILES_LOCATION = 'media' 
MEDIA_URL = "https://%s/%s/" % (AWS_S3_CUSTOM_DOMAIN, MEDIAFILES_LOCATION) 
DEFAULT_FILE_STORAGE = 'custom_storages.MediaStorage' 


REST_FRAMEWORK = { 
    'DEFAULT_AUTHENTICATION_CLASSES': ['rest_framework.authentication.TokenAuthentication'], 
    'DEFAULT_PERMISSION_CLASSES': [], 
    'PAGE_SIZE': 1000, # Max number of results returned from a list API call 
    'DEFAULT_FILTER_BACKENDS': ('rest_framework.filters.DjangoFilterBackend',), 
    # Use JSONRender so the Web API interface is not shown. This is needed when testing the app on the same server 
    'DEFAULT_RENDERER_CLASSES': (
     'rest_framework.renderers.JSONRenderer', 
    ) 
} 

CORS_ORIGIN_ALLOW_ALL = True # :PRODUCTION: Change this! If set to False the CORS whitelist is used 
CORS_ORIGIN_WHITELIST =() 
""" 
CORS_ORIGIN_WHITELIST = (
    'twip.co', 
    '127.0.0.1' 
) 
""" 
CORS_ORIGIN_REGEX_WHITELIST =() 
CORS_URLS_REGEX = '^.*$' 
CORS_ALLOW_METHODS = (
    'GET', 
    'POST', 
    'PUT', 
    'PATCH', 
    'DELETE', 
    'UPDATE', 
    'OPTIONS' 
) 
CORS_ALLOW_HEADERS = (
    'x-requested-with', 
    'content-type', 
    'accept', 
    'origin', 
    'authorization', 
    'x-csrftoken' 
) 
CORS_EXPOSE_HEADERS =() 
CORS_ALLOW_CREDENTIALS = False 

GRAPPELLI_ADMIN_TITLE = "The World Image Archive Admin Panel" 

Answer 1

可能的解決方案：

用下面的代碼片段取代REST框架默認驗證

'DEFAULT_AUTHENTICATION_CLASSES': (
     'rest_framework.authentication.SessionAuthentication', 
     'rest_framework.authentication.TokenAuthentication', 
    ) 

在你的settings.py文件添加此行詳細信息click here

WSGIPassAuthorization On