Flask Notes: session

session and cookie:

A cookie is a browser-side technology, not a server-side one. The server cannot manipulate a cookie directly; it can only tell the browser how to handle the cookie through the Response it returns. A session is more of a solution: a way for the server to store authorization information. Different languages and frameworks may implement sessions differently, and may understand session operations differently. The session is also a way to address the security risks of cookies: information such as user names and passwords is stored in the session, and the session content cannot be seen directly by the user.

 

session storage:

Session information generated by the server can either be stored on the server (with only a session_id kept in the cookie), or be encrypted and stored in the cookie itself (the browser holds the cookie but cannot learn the content of the encrypted session). Flask uses the second mechanism.

 

Operating session:

Import the object with `from flask import session`. The session object is equivalent to a dictionary and can be operated on in the same way, for example: `session['username'] = 'xiaoming'`, `session.get('username')`, `session.pop('username')`, `session.clear()` and so on. Once imported, the session object can be used directly in your code. It is automatically written back to the cookie in the response, and automatically extracted from the cookie of each incoming request, so there is no need to add it to the Response cookie manually or to read it from the request cookie by hand.

 

session encryption:

SECRET_KEY must be configured before the session can be used. This value is used to encrypt the session content before it is returned to the browser. For example: `app.config['SECRET_KEY'] = os.urandom(24)`, i.e. 24 random bytes.

 

session validity period:

By default the session cookie is valid until the browser session ends. Setting `session.permanent = True` gives it a fixed validity period, which is 31 days by default; if PERMANENT_SESSION_LIFETIME is configured, the value of that item is used instead. The value of this configuration item is a timedelta (`from datetime import timedelta`). For example: `app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=7)`, i.e. valid for 7 days.

 

A simple example:

```python
import os
from datetime import timedelta

from flask import Flask, session

app = Flask(__name__)
# SECRET_KEY must be configured to use the session; it is used to encrypt the session
app.config['SECRET_KEY'] = os.urandom(24)
# When this item is not configured, the default is 31 days; once it is configured
# and session.permanent = True is set, the value of this item is used.
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=7)


@app.route('/')
def hello_world():
    # The session object is in fact equivalent to a dictionary and can be used as one.
    # After the session is set here, its content is automatically encrypted and
    # returned to the browser in a cookie.
    # In the browser it is stored as one cookie "key-value pair": the key is
    # "session", the value is the encrypted session content as a string.
    session['username'] = 'xiaoming'

    # Session persistence: the default is False, meaning valid until the browser
    # session ends; True means valid for 31 days by default.
    session.permanent = True

    return 'Hello World!'


@app.route('/username/')
def get_username():
    # Get session information
    username = session.get('username')

    return username or 'no user is logged in!'


@app.route('/delete_user/')
def del_user():
    # Delete session information; the default of None avoids a KeyError
    # when no username is stored
    username = session.pop('username', None)

    return '{} successfully deleted!'.format(username) if username else 'Delete failed!'


if __name__ == '__main__':
    app.run(debug=True)
```
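
An added example, not part of the original post: Flask's default cookie session is signed with SECRET_KEY (through itsdangerous) rather than encrypted, so the payload can be read without the key, while any change to it invalidates the signature. The script mirrors the two routes above; the fixed key and the helper names `issue_cookie`, `read_payload`, `tamper` and `replay` are assumptions made for this demonstration.

```python
import base64
import json
import zlib

from flask import Flask, session

app = Flask(__name__)
app.config["SECRET_KEY"] = "constructed-demo-key"  # constructed value for this demo

@app.route("/")
def hello_world():
    session["username"] = "xiaoming"
    return "Hello World!"

@app.route("/username/")
def get_username():
    return session.get("username") or "no user is logged in"

def issue_cookie():
    """Call / and return the raw value of the session cookie Flask sets."""
    header = app.test_client().get("/").headers["Set-Cookie"]
    return header.split(";", 1)[0].split("=", 1)[1]

def read_payload(cookie):
    """Decode the session payload without knowing SECRET_KEY."""
    compressed = cookie.startswith(".")  # leading "." marks a zlib-compressed payload
    part = cookie.lstrip(".").split(".")[0]
    raw = base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))
    return json.loads(zlib.decompress(raw) if compressed else raw)

def tamper(cookie, new_data):
    """Swap in a new payload but keep the original timestamp and signature."""
    body = base64.urlsafe_b64encode(json.dumps(new_data).encode()).rstrip(b"=")
    _, timestamp, signature = cookie.rsplit(".", 2)
    return ".".join([body.decode(), timestamp, signature])

def replay(cookie):
    """Send the cookie to /username/ and return what the server answers."""
    client = app.test_client(use_cookies=False)  # pass our header through untouched
    response = client.get("/username/", headers={"Cookie": "session=" + cookie})
    return response.get_data(as_text=True)

if __name__ == "__main__":
    cookie = issue_cookie()
    print(read_payload(cookie))  # payload is readable without the key
    print(replay(cookie))  # the genuine cookie is accepted
    print(replay(tamper(cookie, {"username": "admin"})))  # the altered one is ignored
```

Since the payload is readable by whoever holds the cookie, it should carry identifiers such as a user id rather than passwords. A key produced by `os.urandom(24)` at start-up also changes on every restart, which invalidates all cookies issued before it.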

 

Origin www.cnblogs.com/guyuyun/p/11247869.html