Introduction to cookies and sessions in Flask
Introduction
On the web, HTTP requests are stateless. In other words, even after a client has connected to the server and logged in successfully, the server still does not know which user a second request comes from. Cookies solve this problem: after the first login, the server returns some data (the cookie) to the browser, which stores it locally. When the user sends a second request, the browser automatically sends the cookie stored from the previous request to the server, and the server can use that data to determine who the current user is. The amount of data a cookie can hold is limited; different browsers allow different sizes, but generally no more than 4KB. So a cookie can only store a small amount of data.
A session plays a role similar to a cookie: it also stores information about the user. The difference is that a cookie is stored locally in the browser, while a session is stored on the server. Data stored on the server is more secure and not easily stolen. Storing it on the server also has a drawback, which is that it consumes server resources, but servers today are powerful enough that storing some session information is not a problem.
Using cookie and session together
Web development has by now produced some very mature ways of using cookies and sessions. In today's market and enterprises, there are generally two types of storage:
- Stored on the server: a session_id is stored in a cookie, and the actual data is stored in the session. Once the user has logged in, the server saves the session_id in a cookie; the next request carries that session_id, and the server uses it to retrieve the user's session data from the session store. The server then knows who the user is, along with any previously saved state. The technical term for this is a server side session.
- Stored on the client: the session data is encrypted and then stored in a cookie. The technical term for this is a client side session. Flask uses this approach by default, but it can be replaced by other forms.
Flask's session
Flask's session mechanism works as follows: sensitive data is encrypted and placed into the session, and the session is then stored in a cookie. At the start of the next request, Flask reads the session from the cookie sent by the browser, then reads the sensitive data from the session and decrypts it to obtain the final user data.
This session mechanism saves server resources, because all the information is stored on the client (the browser).
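As an added illustration (not code from the original article or from Flask itself), the stdlib-only sketch below mirrors the layout of Flask's default session cookie, payload.timestamp.signature with an HMAC-SHA1 signature keyed from SECRET_KEY. What the text calls encryption is, in that default implementation, signing: the payload is only base64-encoded, so anyone holding the cookie can read it, while a payload changed without the key fails verification. The helper names, key and sample values are constructed for the example, and the age check the server also performs is omitted.

```python
import base64
import hashlib
import hmac
import json
import zlib

def b64e(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")

def b64d(text: bytes) -> bytes:
    return base64.urlsafe_b64decode(text + b"=" * (-len(text) % 4))

def signature(secret_key: bytes, signed_part: bytes) -> bytes:
    # HMAC-SHA1 with a key derived from SECRET_KEY and the salt "cookie-session".
    derived = hmac.new(secret_key, b"cookie-session", hashlib.sha1).digest()
    return b64e(hmac.new(derived, signed_part, hashlib.sha1).digest())

def make_cookie(secret_key: bytes, data: dict, timestamp: int) -> bytes:
    """Build a constructed sample cookie: payload.timestamp.signature"""
    payload = b64e(json.dumps(data, separators=(",", ":")).encode())
    signed_part = payload + b"." + b64e(timestamp.to_bytes(4, "big"))
    return signed_part + b"." + signature(secret_key, signed_part)

def read_without_key(cookie: bytes) -> dict:
    """What any holder of the cookie can do: decode the payload, no key needed."""
    compressed = cookie.startswith(b".")  # leading dot marks a zlib-compressed payload
    raw = b64d(cookie.lstrip(b".").split(b".")[0])
    return json.loads(zlib.decompress(raw) if compressed else raw)

def verify(secret_key: bytes, cookie: bytes) -> bool:
    """What the server does: recompute the MAC and compare in constant time."""
    signed_part, _, sig = cookie.rpartition(b".")
    return hmac.compare_digest(sig, signature(secret_key, signed_part))

# Constructed sample values, not taken from the page.
KEY = b"constructed-demo-key"
COOKIE = make_cookie(KEY, {"username": "Jyang"}, 1700000000)
# Same timestamp and signature, but with the readable payload swapped out.
TAMPERED = b64e(b'{"username":"admin"}') + COOKIE[COOKIE.index(b"."):]

if __name__ == "__main__":
    print(read_without_key(COOKIE))                     # payload is readable
    print(verify(KEY, COOKIE), verify(KEY, TAMPERED))   # only the original verifies
```

Keep values such as passwords out of the session, since the browser's owner can read them, and keep SECRET_KEY private, since it is the only thing that makes a modified cookie detectable.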
Examples
Configuration
Add SECRET_KEY to the configuration file config.py:
```python
SECRET_KEY = 'XXXXXXXXX'  # random string used as the secret that protects the session
```
Reference the configuration in the main app file:
```python
from flask import Flask, session
import config

app = Flask(__name__)
app.config.from_object(config)
# app.config['SECRET_KEY'] = 'xxxxx'  # can also be set directly in the main app file, without a separate config module
```
Operating on the session
The session is operated on in the same way as a dictionary:
```python
from flask import Flask, session
import os

app = Flask(__name__)
# 24 random bytes used as the session secret; regenerated on every start
app.config['SECRET_KEY'] = os.urandom(24)

# Set the session
@app.route('/')
def set():
    session['username'] = 'Jyang'  # set a key, the same way as with a dictionary
    return 'Success'

# Read the session
@app.route('/get')
def get():
    # Method 1: session['username'] raises an exception if the key does not exist.
    # Method 2 (recommended): session.get('username') returns None if the key does not exist.
    # A view must not return None, so fall back to a placeholder string.
    return session.get('username') or 'Not set'

# Delete the session
@app.route('/delete/')
def delete():
    session.pop('username', None)  # dictionary pop removes one specified value
    session.clear()  # delete all values in the session
    return 'Success'

if __name__ == '__main__':
    app.run()
```
Set session expiration time
- If you do not specify an expiration time for the session, by default it ends automatically when the browser is closed.
- Setting the session's permanent attribute to True makes the expiration time 31 days (session.permanent = True).
- You can change the expiration time by setting PERMANENT_SESSION_LIFETIME in app.config; the value is of type datetime.timedelta.
```python
"""config.py"""
from datetime import timedelta
import os

SECRET_KEY = os.urandom(24)  # generates 24 random bytes
PERMANENT_SESSION_LIFETIME = timedelta(days=7)  # session is valid for 7 days
```