(一)flask设置cookie
from flask import Flask, request, make_response
# 设置cookie
@app.route('/set_cookie', methods=['POST'])
def set_cookie():
    """Answer with an empty response that sets the ``username`` cookie.

    The cookie is written with ``set_cookie``'s defaults: the value is plain
    text and no HttpOnly, Secure or SameSite attribute is requested.
    """
    # NOTE(review): a plain cookie can be read and edited by the client, so
    # its value must not be treated as proof of who the user is.
    resp = make_response()
    resp.set_cookie(key='username', value='XiaoSong')
    return resp
# 获取cookie
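@app.route('/get_cookie', methods=['POST'])
def get_cookie():
    """Return the value of the ``username`` cookie sent with the request.

    Returns:
        The cookie value, or an empty body when the request carries no
        ``username`` cookie.
    """
    # The '' default matters: a view that returns None makes Flask raise an
    # error instead of answering, which is what happened on a request
    # without the cookie.
    # NOTE(review): the value is supplied by the client and is returned
    # unescaped; escape it before placing it in an HTML page.
    return request.cookies.get('username', '')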
(二)flask设置session(安全的cookie)
from flask import Flask, session
import os
# 设置session
app = Flask(__name__)
# Same effect as `app.secret_key = ...`: this is the key Flask uses to sign
# the session cookie. os.urandom(24) returns 24 random bytes, not a string.
# NOTE(review): a new key is generated every time this module is loaded, so
# sessions signed before a restart stop verifying, and several worker
# processes would each hold a different key. Outside a demo, load one fixed,
# randomly generated key from configuration that is kept out of the code.
app.config['SECRET_KEY'] = os.urandom(24)
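@app.route('/set_session', methods=['POST'])
def set_session():
    """Store ``username`` in the session and answer with an empty body.

    Flask serialises the session into a cookie signed with the app's secret
    key and attaches it to the response.

    Returns:
        An empty string, i.e. a 200 response with no body.
    """
    session['username'] = 'XiaoSong'
    # A view must return a response; falling off the end returns None and
    # Flask raises an error instead of sending the session cookie.
    return ''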
# 获取session。session其实就是键名为'session'的cookie
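@app.route('/get_session', methods=['POST'])
def get_session():
    """Return the ``username`` stored in the session.

    The session travels in a cookie named ``session``. Flask signs that
    cookie with the secret key; the payload is only encoded, not encrypted,
    so the client can read it but cannot change it undetected.

    Returns:
        The stored username, or an empty body when the session has none.
    """
    # Read through `session` rather than request.cookies: `session` gives the
    # data only after the signature has been verified, whereas the raw
    # cookie is whatever the client sent. This also needs no `request`
    # import, and the '' default avoids returning None (which Flask rejects)
    # when no session cookie was sent.
    return session.get('username', '')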
(三)浏览器设置允许携带cookie
- 可能有很多小伙伴跟我一样,捣鼓半天,老是无法获取cookie,可能的原因就是浏览器端发送请求时,请求头没有设置允许携带cookie
withCredentials: true
// Using axios as the example client.
API: function(_url, _method, _request) {
  // withCredentials: true lets the browser send cookies with this request.
  // The server then has to answer with a specific Access-Control-Allow-Origin
  // (not '*') and Access-Control-Allow-Credentials: true.
  return axios({
    url: _url,
    method: _method,
    data: JSON.stringify(_request),
    withCredentials: true,
  });
},
- 浏览器允许请求携带cookie后,服务器的
Access-Control-Allow-Origin
不能再设置为'*',需要设置白名单进行过滤,且需要设置Access-Control-Allow-Credentials: 'true'
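response = make_response()
# Allow credentialed cross-origin requests only from origins on the
# allow-list. Entries are compared exactly (scheme, host and port).
white_list = ['http://foo1.com:8080', 'http://foo2.com:5000']
# .get() instead of ['Origin']: same-origin and non-browser requests carry no
# Origin header, and indexing would raise an error for them.
origin = request.headers.get('Origin')
allow_origin = origin if origin in white_list else ''
if allow_origin:
    # Send the CORS headers only for an allowed origin. For any other origin
    # they are omitted, so the browser refuses to expose the response to the
    # calling page.
    response.headers["Access-Control-Allow-Origin"] = allow_origin
    response.headers["Access-Control-Allow-Credentials"] = 'true'
    # The response now depends on the request's Origin; tell caches so that a
    # response stored for one origin is not served to another.
    response.headers.add("Vary", "Origin")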