• Flask之session


    session是建立在Cookies基础上的技术,用于flask中存储不同请求间用户的信息,要使用session你必须设置一个secret_key,用于对Cookies进行密钥签名。如下:

    import os

    from flask import Flask, render_template, session, request, redirect
    
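    app = Flask(__name__)
    # The session cookie is *signed* with this key, not encrypted: it stops the
    # client from altering the session, and anyone who learns the key can forge
    # one. A literal in source is therefore the wrong place for it; read it from
    # the environment and keep the original literal only as a fallback so this
    # demo still runs unconfigured.
    app.secret_key = os.environ.get("FLASK_SECRET_KEY", 'md_hgh58jk')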
    
    
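    @app.route('/login', methods=['GET', 'POST'])
    def login():
        """Render the login form on GET; on POST record the user in the session.

        ``POST`` must be listed in ``methods``: Flask routes accept only GET by
        default, so without it the form submission is rejected before the
        ``request.method == 'POST'`` branch below could ever run.
        """
        if request.method == 'POST':
            # The session cookie is signed, not encrypted, so whatever is put
            # in the session can be read by whoever holds the cookie. Store the
            # identity only -- never the submitted password. (Credential
            # verification is not part of this example; TODO confirm the
            # submitted credentials before treating the request as a login.)
            session['username'] = request.form['username']
            return redirect('/index')
        return render_template('login.html')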

    对于为什么需要使用secret_key这样的参数,源码中是使用这个当作salt进行加密,当save_session时response调用set_cookie,回写cookie。

        def save_session(self, app, session, response):
            """Write the session back to ``response`` as a signed cookie.

            An emptied session (empty and ``modified``) has its cookie deleted;
            an empty, untouched session leaves the response alone. A session
            that was merely read still adds ``Vary: Cookie`` so shared caches
            do not hand one user's response to another. The cookie itself is
            only written when ``should_set_cookie`` agrees.
            """
            scope = dict(
                domain=self.get_cookie_domain(app),
                path=self.get_cookie_path(app),
            )

            if not session:
                # Nothing to persist; clear a cookie the client may still hold,
                # but only if the session was explicitly emptied.
                if session.modified:
                    response.delete_cookie(app.session_cookie_name, **scope)
                return

            if session.accessed:
                response.vary.add("Cookie")

            if not self.should_set_cookie(app, session):
                return

            flags = dict(
                httponly=self.get_cookie_httponly(app),
                secure=self.get_cookie_secure(app),
                samesite=self.get_cookie_samesite(app),
            )
            lifetime = self.get_expiration_time(app, session)
            # The serializer signs the payload so it cannot be altered client-side;
            # it does not hide the contents from the client.
            signed_payload = self.get_signing_serializer(app).dumps(dict(session))
            response.set_cookie(
                app.session_cookie_name,
                signed_payload,
                expires=lifetime,
                **flags,
                **scope,
            )

    上面的val就是通过secret参数加密后的结果,写入cookie。完整的源码(from flask import session)如下:

    class SecureCookieSessionInterface(SessionInterface):
        """The default session interface that stores sessions in signed cookies
        through the :mod:`itsdangerous` module.

        The cookie carries the serialized session payload plus a signature
        (an HMAC keyed with ``app.secret_key``, see :meth:`get_signing_serializer`).
        It is signed, not encrypted: whoever holds the cookie can read the
        payload, and the signature only prevents altering it. Anything placed in
        the session is therefore visible to the client, and anyone who learns
        ``app.secret_key`` can forge arbitrary sessions.
        """
    
        #: the salt that should be applied on top of the secret key for the
        #: signing of cookie based sessions.  This is a namespace for the key,
        #: not a secret; ``app.secret_key`` is the actual signing key.
        salt = "cookie-session"
        #: the hash function to use for the signature.  The default is sha1
        #: (applied inside the HMAC; it is not used as a bare hash).
        digest_method = staticmethod(hashlib.sha1)
        #: the name of the itsdangerous supported key derivation.  The default
        #: is hmac.
        key_derivation = "hmac"
        #: A python serializer for the payload.  The default is a compact
        #: JSON derived serializer with support for some extra Python types
        #: such as datetime objects or tuples.
        serializer = session_json_serializer
        #: the session type instantiated by :meth:`open_session`.
        session_class = SecureCookieSession
    
        def get_signing_serializer(self, app):
            """Return a :class:`URLSafeTimedSerializer` bound to ``app.secret_key``.

            Returns ``None`` when no secret key is configured; :meth:`open_session`
            then also returns ``None`` because no cookie can be signed or verified.
            The secret key is the signing key itself; ``salt``, ``key_derivation``
            and ``digest_method`` only parametrize how :mod:`itsdangerous` derives
            and applies it.
            """
            if not app.secret_key:
                return None
            signer_kwargs = dict(
                key_derivation=self.key_derivation, digest_method=self.digest_method
            )
            return URLSafeTimedSerializer(
                app.secret_key,
                salt=self.salt,
                serializer=self.serializer,
                signer_kwargs=signer_kwargs,
            )
    
        def open_session(self, app, request):
            """Rebuild the session from the request's session cookie.

            Returns ``None`` when the app has no secret key, a fresh empty session
            when no cookie was sent, and -- silently -- a fresh empty session when
            the cookie's signature does not verify. ``max_age`` is derived from
            ``app.permanent_session_lifetime``, so a cookie signed longer ago than
            that is rejected as well (itsdangerous reports expiry as a
            ``BadSignature`` subclass, so it lands in the same branch). A tampered
            or stale cookie thus degrades to "not logged in" rather than an error.
            """
            s = self.get_signing_serializer(app)
            if s is None:
                return None
            val = request.cookies.get(app.session_cookie_name)
            if not val:
                return self.session_class()
            max_age = total_seconds(app.permanent_session_lifetime)
            try:
                data = s.loads(val, max_age=max_age)
                return self.session_class(data)
            except BadSignature:
                return self.session_class()
    
        def save_session(self, app, session, response):
            """Write the session back to ``response`` as a signed cookie.

            An emptied session has its cookie deleted; an empty untouched session
            leaves the response alone. Any accessed session adds ``Vary: Cookie``
            so shared caches keep per-user responses apart. The cookie is only
            (re)written when ``should_set_cookie`` agrees, with the HttpOnly /
            Secure / SameSite flags and expiry taken from the app configuration
            via the base-class getters.
            """
            domain = self.get_cookie_domain(app)
            path = self.get_cookie_path(app)
    
            # If the session is modified to be empty, remove the cookie.
            # If the session is empty, return without setting the cookie.
            if not session:
                if session.modified:
                    response.delete_cookie(
                        app.session_cookie_name, domain=domain, path=path
                    )
    
                return
    
            # Add a "Vary: Cookie" header if the session was accessed at all.
            # This is done before the should_set_cookie check on purpose: a
            # response that merely read the session still depends on the cookie.
            if session.accessed:
                response.vary.add("Cookie")
    
            # Whether an unchanged session is rewritten is decided by the base
            # class (not shown here).
            if not self.should_set_cookie(app, session):
                return
    
            httponly = self.get_cookie_httponly(app)
            secure = self.get_cookie_secure(app)
            samesite = self.get_cookie_samesite(app)
            expires = self.get_expiration_time(app, session)
            # Signs (does not encrypt) the payload. Assumes a secret key is
            # configured: get_signing_serializer would otherwise return None.
            val = self.get_signing_serializer(app).dumps(dict(session))
            response.set_cookie(
                app.session_cookie_name,
                val,
                expires=expires,
                httponly=httponly,
                domain=domain,
                path=path,
                secure=secure,
                samesite=samesite,
            )
  • 原文地址:https://www.cnblogs.com/shenjianping/p/13236920.html