Python Tornado绑定Session

session.py

import secrets

ALL_USER_DIC = {}


class Session:
    def __init__(self, handler):
        self.handler = handler
        self.random_index_str = None

    def __get_random_str(self):
        return secrets.token_urlsafe()

    def __setitem__(self, key, value):
        if not self.random_index_str:
            random_index_str = self.handler.get_secure_cookie("__sson__", None)
            if not random_index_str:
                self.random_index_str = self.__get_random_str()
                self.handler.set_secure_cookie('__sson__', self.random_index_str)
                ALL_USER_DIC[self.random_index_str] = {}
            else:
                if self.random_index_str not in ALL_USER_DIC.keys():
                    self.random_index_str = self.__get_random_str()
                    ALL_USER_DIC[self.random_index_str] = {}
        ALL_USER_DIC[self.random_index_str][key] = value
        self.handler.set_secure_cookie('__sson__', self.random_index_str)

    def __getitem__(self, key):
        self.random_index_str = self.handler.get_secure_cookie('__sson__', None)
        if not self.random_index_str:
            return None
        else:
            self.random_index_str = str(self.random_index_str, encoding="utf-8")
            current_user = ALL_USER_DIC.get(self.random_index_str, None)
            if not current_user:
                return None
            else:
                return current_user.get(key, None)

app.py

import tornado.web
import tornado.ioloop
from session import Session


class BaseHandler(tornado.web.RequestHandler):
    def initialize(self):
        self.session = Session(self)


class IndexHandler(BaseHandler):
    def get(self):
        self.render("a.html")

    def post(self):
        if self.get_argument('name', None) == 'XerCis':
            self.session['is_login'] = True
            self.session['name'] = self.get_argument('name')
            self.redirect('/admin')
        else:
            self.write('登录失败, 请重新登录!')


class AdminHandler(BaseHandler):
    def get(self):
        if self.session['is_login']:
            self.write('欢迎%s回来.' % (self.session['name']))
        else:
            self.redirect('/index')


settings = {
    "cookie_secret": 'test-secret,',
    'template_path': 'template',
}

application = tornado.web.Application([
    (r"/index", IndexHandler),
    (r"/admin", AdminHandler),
], **settings)

if __name__ == '__main__':
    print("http://localhost:7777/admin")
    application.listen(7777)
    tornado.ioloop.IOLoop.instance().start()

template/a.html

<!DOCTYPE html>
<head>
    <title>login</title>
</head>
<body>
<form action="/index" method="post">
    name: <input type="text" name="name"><br>
    <input type="submit" value="login">
</form>
</body>
</html>

结果

运行app.py，访问http://localhost:7777/admin，页面会自动跳转到index，输入XerCis，会生成Session并记录，关掉页面后再次访问http://localhost:7777/admin依然有该Session

参考文献

1. tornado自定义的session
2. Python生成SessionID