Tornado Identity Authentication Framework
"""
Tornado 中使用 RequestHandler.get_cookie()、RequestHandler.set_cookie() 可以对cookie进行读写操作。
"""
# 例子:
import tornado.web
session_id = 1
class MainHandler(tornado.web.RequestHandler):
def get(self):
if not self.get_cookie("session"): # 判断 session 是否存在
slef.set_cookie("session",str(session_id)) # 插入session 值
session_id = session_id + 1
self.write("your session got a new session!")
else:
self.write("your session was set!")
Website uses secure cookies
# tornado为用户提供了 Cookie信息加密的机制,使客户端无法随意的解析贺修改Cookie的键值
import tornado.web
import tornado,ioloop
session_id = 1
class MainHandler(tornado.web.RequestHandler):
def get(self):
global session_id # 将session_id 声明为全局变量
# 获取加密后的 Cookie
if not self.get_secure_cookie("session"):
self.set_secure_cookie("session",str(session_id))
session_id = session_id + 1
self.write("your session got a new session!")
else:
self.write("your session was set!")
# cookie_secret 参数 —— 指定 cookie加密时密钥
application = tornado.web.Application([
(r"/",MainHandler),]cookie_secret = "SECRET_DONT_LEAK")
def main():
application.listen(8888)
tornado.ioloop.IOLoop.current().start()
if __name__ == "__main__":
main()
User authentication
import tornado.web
import tornado,ioloo
import uuid # uuid 生成库
dict_session = {} # 定义字典、用于保存所有登陆的Session
# 定义公共基类 - 继承自 tornado.web.RequestHandler
class BaseHandler(tornado.web.RequestHandler):
def get_current_user(self):
session_id = self.get_secure_cookie("session_id")
return dict_session.get(session_id)
class MainHandler(BaseHandler):
@rotnado.web.authenticated
def get(self):
name = tornado.escape.xhtml_escape(self.current_user)
self.write("Hello," + name)
class LoginHandler(BaseHandler):
def get(self):
self.write(
'<html><body>'
'<form action="/login" method="post">'
'Name:<input type="text" name="name">'
<input type="submit" value="Sign in">'
'</form>'
'</body></html>'
</html>
)
def post(self):
if len(self.get_argument("name"))<3:
self.redirect("/login")
sessoion_id = str(uuid.uuid1())
dict_sessions[session_id] = self.get_argument("name")
self.set_secure_cookie("session_id",session_id)
self.redirect("/")
application = tornado.web.Application([
(r"/",MainHandler),
(r"/login",LoginHandler),
]cookie_secret = "SECRET_DONT_LEAK")
def main():
application.listen(8888)
tornado.ioloop.IOLoop.current().start()
if __name__ == "__main__":
main()