清除浏览器缓存，直接访问 http://localhost/event_manage/，发现无需登陆，也可以直接访问该网页。

    Django中解决该问题的方法是，给对应的views.py中的方法加上装饰器 @login_required。

step1: 在views.py中加入如下代码

from django.shortcuts import render
from django.http import HttpResponse, HttpRequest, HttpResponseRedirect
from django.contrib import auth
from django.contrib.auth.decorators import login_required


# Create your views here.

# def index(request):
#     return HttpResponse("欢迎!")

def index(request):
    return render(request, "index.html")


def login_action(request):
    # request = HttpRequest(request)
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')
    user = auth.authenticate(username=username, password=password)
    if user is not None:
        request.session['user'] = username # 将session信息记录到浏览器
        request.session['psw'] = password
        # Correct password, and the user is marked "active"
        auth.login(request, user)
        return HttpResponseRedirect('/event_manage/')
    else:
        return render(request, 'index.html', {'wronglyInput': '用户名或密码输入错误!'})

@login_required
def event_manage(request):
    username = request.session.get('user', '')  # 读取cookie
    password = request.session.get('psw', '')
    return render(request, "event_manage.html", {'user': username, 'psw': password})

step2: 重新尝试访问　http://localhost/event_manage/　，已经不能登陆了

step3: 虽然访问被成功限制了，但我们希望是自动跳转到index页面，让用户输入账号和密码。　注意上面的路径，@login_required会将其设置到 /account/login/的路径上去，那么只要我们在urls.py中做相应的路径设置，让其跳转到index页面即可。

urlpatterns = [
    url(r'^$', views.index),
    url(r'^index/$', views.index),
    url(r'^admin/', admin.site.urls),
    url(r'^login_action/', views.login_action),
    url(r'^event_manage/', views.event_manage),
    url(r'^accounts/login/$', views.index),  
]