import tornado.web
import tornado.ioloop
session_id = 1
class MainHandler(tornado.web.RequestHandler):
def get(self):
global session_id
if not self.get_secure_cookie('session'):
self.set_secure_cookie('session', str(session_id))
session_id += 1
self.write('you have set a new session')
else:
print(self.get_secure_cookie('session'))
self.write('you session was set')
def testApp():
return tornado.web.Application([(r'/', MainHandler),], cookie_secret="SESSION_DONT_SHOW")
def main():
app = testApp()
app.listen(8887)
tornado.ioloop.IOLoop.current().start()
if __name__ == "__main__":
main()
# tornado.web_RequestHandler.clear_all_cookies()
cookies总是被保存在客户端,所以cookies必须信息加密,而tornado.web.Application对象初始化赋予cookie_secret参数,用于保存本网站cookies加密密钥
身份认证代码:
import tornado.web
import tornado.ioloop
from tornado import gen
import uuid #UUID生成库
dict_session = {}
class BaseHandler(tornado.web.RequestHandler): #公共基类
def get_current_user(self):
session_id = self.get_secure_cookie('session_id')
return dict_session.get(session_id)
class MyHandler(BaseHandler):
@tornado.web.authenticated
def get(self):
name = tornado.escape.xhtml_escape(self.current_user) #执行之前根据curren_user是否已经被赋值来判断用户的身份认证情况,已经被赋值,进行正常逻辑操作,不能则自动重定向为登录界面
self.write('Hi' + name)
class LoginHandler(BaseHandler):
def get(self): #登录界面
self.write('<html><body>'
'<form action="/login" method="post">'
'Name:<input type="text" name="name">'
'<input type="submit" value="Sign in">'
'</form>'
'</body></html>')
def post(self): #验证是否允许登录
if len(self.get_argument("name")) < 3:
self.redirect('/login')
session_id = str(uuid.uuid1())
dict_session[session_id] = self.get_argument('name')
self.set_secure_cookie("session_id", session_id)
self.redirect('/')
myapp = tornado.web.Application([(r"/", MyHandler),
(r'login', LoginHandler),]
cookie_secret = "SECRET_DONT_SHOW", #cookies加密
login_url:'/login') #login_url用于tornado.web.authenticated装饰器发现用户尚未验证时重定向到一个URL
def main():
myapp.listen(8888)
tornado.ioloop.IOLoop.current().start()
if __name__ == "__main__":
main()