cookie的设置和获取
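import time

from tornado.web import RequestHandler


class IndexHandle(RequestHandler):
    """Demonstrate the cookie setters and getters available on RequestHandler."""

    def get(self):
        # Plain cookie with no explicit lifetime.
        self.set_cookie('username', 'ivy')
        # Expire 60 seconds from now.
        self.set_cookie('username', 'ivy', expires=time.time() + 60)
        # Expire in 2 days.
        self.set_cookie('username', 'ivy', expires_days=2)
        # With httponly=True the page's JavaScript cannot read this cookie.
        self.set_cookie('username', 'ivy', httponly=True)
        # Both lifetimes are given; max_age (2 minutes) takes precedence
        # over expires.
        self.set_cookie('username', 'ivy', max_age=120, expires=time.time() + 60)
        # Signed cookie: the Application must be created with a
        # cookie_secret setting (the signing key). The value is signed and
        # timestamped, NOT encrypted, so the client can still read it.
        # Never store secrets in it.
        self.set_secure_cookie('username', 'ivy')

        # Read a cookie by its NAME. The original looked up 'ivy', which is
        # the value that was stored, not the cookie name.
        self.get_cookie('username')
        # Read a signed cookie. Returns bytes, or None when the cookie is
        # missing or its signature does not verify.
        self.get_secure_cookie('username')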
登录验证
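import os

from tornado.httpserver import HTTPServer
from tornado.ioloop import IOLoop
from tornado.options import define, options
from tornado.web import Application, RequestHandler, authenticated

from util import uimethods, uimodules

define('port', default=7981, type=int)


class BaseHandle(RequestHandler):
    """Base handler that derives the current user from a signed cookie."""

    def get_current_user(self):
        """Return the signed 'username' cookie value (bytes), or None.

        get_secure_cookie returns None when the cookie is absent or its
        signature is invalid, so a forged cookie is not accepted as a login.
        """
        return self.get_secure_cookie('username') or None


class IndexHandle(BaseHandle):
    """Page that requires a logged-in user."""

    @authenticated
    def get(self):
        self.render('index.html')


class LoginHandle(RequestHandler):
    """Render the login form and establish the login cookie."""

    def get(self):
        self.render('login.html')

    def post(self):
        username = self.get_argument('username')
        password = self.get_argument('password')
        # Tutorial placeholder: "username equals password" stands in for a
        # real credential check against stored password hashes.
        if username == password:
            # The original called set_cookie(username, password): that made
            # the cookie NAME user-controlled, stored the password in clear
            # text in the browser, and never set the signed 'username' cookie
            # that get_current_user reads, so login could not succeed.
            self.set_secure_cookie('username', username, httponly=True)
            self.write('登录成功!')


application = Application(
    handlers=[
        (r'/index', IndexHandle),
        (r'/login', LoginHandle),
    ],
    template_path='templates',
    ui_methods=uimethods,
    ui_modules=uimodules,
    login_url='/login',
    # Signed cookies need a signing key. COOKIE_SECRET is an environment
    # variable name constructed for this example; supply a long random value
    # and keep it out of source control.
    cookie_secret=os.environ['COOKIE_SECRET'],
)

if __name__ == '__main__':
    options.parse_command_line()
    app = HTTPServer(application)
    app.listen(options.port)
    IOLoop.current().start()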
- 在登录成功之后设置cookie
- 新建base类,重写get_current_user方法
- get_current_user:当当前的cookie中有特定的值的时候,返回该值
- 导入authenticated方法
- 在需要检测是否登录的方法上调用该函数(以装饰器的方式)
- 在app里面配置一条login_url的参数,当检测到未登录的时候(get_current_user返回None)就让页面跳转到该路由下
验证登录后跳转回原页面
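from urllib.parse import urlsplit

from tornado.web import RequestHandler, authenticated


def _is_local_path(url):
    """Return True only for a same-site path such as '/index?page=2'.

    Rejects empty values, absolute URLs, scheme-relative '//host' forms,
    backslashes (some browsers treat them like '/') and control characters.
    """
    if not url.startswith('/') or url.startswith('//'):
        return False
    if '\\' in url or any(ord(ch) < 0x20 for ch in url):
        return False
    parts = urlsplit(url)
    return not parts.scheme and not parts.netloc


class BaseHandle(RequestHandler):
    """Base handler that derives the current user from the signed 'login' cookie."""

    def get_current_user(self):
        """Return the verified 'login' cookie value (bytes), or None.

        The cookie is written with set_secure_cookie, so it must be read with
        get_secure_cookie. The original used get_cookie, which skips the
        signature check and accepts any non-empty 'login' cookie a client
        chooses to send.
        """
        return self.get_secure_cookie('login') or None


class IndexHandle(BaseHandle):
    """Page that requires a logged-in user."""

    @authenticated
    def get(self):
        self.write('index 页面')


class LoginHandle(BaseHandle):
    """Login form that returns the user to the page they originally requested."""

    def get(self):
        # 'next' is read from the request and passed to the template so the
        # form can post it back.
        next_url = self.get_argument('next', '')
        self.render('login.html', next_url=next_url)

    def post(self):
        username = self.get_argument('username', '')
        password = self.get_argument('password', '')
        next_url = self.get_argument('next', '')
        # Tutorial placeholder: "username equals password" stands in for a
        # real credential check.
        if username != password:
            return
        self.set_secure_cookie('login', 'true', httponly=True)
        # 'next' is request-controlled; redirect only to a same-site path so
        # the login form cannot be used as an open redirect.
        if _is_local_path(next_url):
            self.redirect(next_url)
        else:
            self.write('登录成功!')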
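import os

from tornado.httpserver import HTTPServer
from tornado.ioloop import IOLoop
from tornado.options import options
from tornado.web import Application

import handles

settings = {
    'template_path': 'templates',
    'static_path': 'static',
    # Key used to sign cookies written by set_secure_cookie. The original
    # hard-coded the short word 'summer'; anyone who learns or guesses the
    # key can forge a valid 'login' cookie. COOKIE_SECRET is an environment
    # variable name constructed for this example; supply a long random value.
    'cookie_secret': os.environ['COOKIE_SECRET'],
    # Where @authenticated sends users who are not logged in.
    'login_url': '/login',
}

urlpatterns = [
    (r'/login', handles.LoginHandle),
    (r'/index', handles.IndexHandle),
]

app = Application(handlers=urlpatterns, **settings)

if __name__ == '__main__':
    options.parse_command_line()
    http = HTTPServer(app)
    http.listen(80)
    IOLoop.current().start()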
- 当用户未登录直接访问index页面的时候,因为配置了验证登录(authenticated),所以他会直接跳转到login_url,并且url附带next参数
- 在登录页面获取这个next参数,如果没有默认为空,将这个参数传到页面的action中
- 在form表单提交后,在post方法里获取这个next参数,如果用户名和密码正确,并且存在这个next参数,就直接跳转到next参数所指向的url。next参数来自请求,可以被任意构造,跳转前应确认它是站内路径(以单个/开头,不含协议和主机名),否则会形成开放重定向
- 若没有next参数,就按正常登录流程返回登录成功的页面。
Session
- 使用前的配置:
- pip install redis
- pip install pycket
- settings配置:
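import os

from tornado.httpserver import HTTPServer
from tornado.ioloop import IOLoop
from tornado.options import options
from tornado.web import Application

import handles

settings = {
    'template_path': 'templates',
    'static_path': 'static',
    # Cookie signing key. The original hard-coded the short word 'summer';
    # a guessable key lets a client forge signed cookies. COOKIE_SECRET is
    # an environment variable name constructed for this example; supply a
    # long random value.
    'cookie_secret': os.environ['COOKIE_SECRET'],
    'login_url': '/login',
    'pycket': {
        'engine': 'redis',
        'storage': {
            'host': 'localhost',
            'port': 6379,
            'db_sessions': 6,
            'db_notifications': 11,
            'max_connections': 3 * 10,
            # If Redis requires a password, add a 'password' entry
            # (presumably in this dict; confirm against pycket).
        },
        'cookies': {
            # NOTE(review): two lifetimes are configured. If both reach the
            # Set-Cookie header, browsers honour max_age (100 seconds) over
            # the 7-day expiry. Confirm the intended session lifetime.
            'expires_days': 7,
            'max_age': 100,
        },
    },
}

urlpatterns = [
    (r'/login', handles.LoginHandle),
    (r'/index', handles.IndexHandle),
]

app = Application(handlers=urlpatterns, **settings)

if __name__ == '__main__':
    options.parse_command_line()
    http = HTTPServer(app)
    http.listen(1996)
    IOLoop.current().start()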
如果redis有密码,在配置项里加一个password就可以了
- 使用:
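from urllib.parse import urlsplit

from pycket.session import SessionMixin
from tornado.web import RequestHandler, authenticated


def _is_local_path(url):
    """Return True only for a same-site path such as '/index?page=2'.

    Rejects empty values, absolute URLs, scheme-relative '//host' forms,
    backslashes (some browsers treat them like '/') and control characters.
    """
    if not url.startswith('/') or url.startswith('//'):
        return False
    if '\\' in url or any(ord(ch) < 0x20 for ch in url):
        return False
    parts = urlsplit(url)
    return not parts.scheme and not parts.netloc


class BaseHandle(RequestHandler, SessionMixin):
    """Base handler that derives the current user from the server-side session."""

    def get_current_user(self):
        """Return the session's 'login' value, or None when it is unset or empty."""
        return self.session.get('login') or None


class IndexHandle(BaseHandle):
    """Page that requires a logged-in user."""

    @authenticated
    def get(self):
        self.write('index 页面')


class LoginHandle(BaseHandle):
    """Login form that records the login in the session."""

    def get(self):
        # 'next' is read from the request and passed to the template so the
        # form can post it back.
        next_url = self.get_argument('next', '')
        self.render('login.html', next_url=next_url)

    def post(self):
        username = self.get_argument('username', '')
        password = self.get_argument('password', '')
        next_url = self.get_argument('next', '')
        # Tutorial placeholder: "username equals password" stands in for a
        # real credential check.
        if username != password:
            return
        # Always record the login in the session. Without a next parameter
        # the original wrote a signed cookie instead, which get_current_user
        # never reads, so that login path left the user unauthenticated.
        self.session.set('login', 'true')
        # 'next' is request-controlled; redirect only to a same-site path so
        # the login form cannot be used as an open redirect.
        if _is_local_path(next_url):
            self.redirect(next_url)
        else:
            self.write('登录成功!')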
- 导入SessionMixin
- 让BaseHandle继承自SessionMixin
- 设置session
- self.session.set(key, value)
- 获取session
- self.session.get(key)
xsrf:
在Application的settings里设置xsrf_cookies=True开启校验,并在form表单的html里面加入{% module xsrf_form_html() %}即可