Flask in the cookie and session presentation

Flask in the cookie and session presentation

Introduction

In the Web site, http request is stateless is. In other words, even after the first time and server connection and login is successful, a second request to the server still does not know the current request which user. cookie appears to solve this problem, for the first time after the login server returns some data (cookie) to the browser, and then stored in the local browser when the user sends a second request, it will automatically put the last request cookie stored data is automatically carried to the server, the data carried by the browser will be able to determine the current user is which. A limited amount of data stored cookie, different browsers have different storage sizes, but generally not more than 4KB. So use a cookie can only store some small amount of data.

And the role of session cookie is somewhat similar, is to store the user information about it. The difference is, cookie is stored in the local browser, and stored on the server session. Data stored on the server will be more secure, not easily stolen. But stored on the server also has some drawbacks, is to consume server resources, but now the server has been developed so far, some of the information session is more than enough.

cookie and session in conjunction with

WEB development so far, cookie and session usage there have been some very mature program, in today's market or enterprise, there are generally two types of storage:

  • Stored on the server: by storing a cookie session_id, then the specific data is stored in session, if the user has logged in, the server will save the session_id in a cookie, the next time again request, will carry up the session_id server retrieves the user's session in session library data based on session_id. The user will be able to know who in the end is, as well as some of the previously saved state information. This jargon is called the server side session.
  • Stored on the client: the session data is encrypted and then stored in a cookie. This jargon is called the client side session. flask is used in this embodiment, but may be replaced by other forms.

flask of session

session mechanism flask is: After the encrypted sensitive data into session, and then then sessionstored in cookiethe beginning of the subsequent request, and then sent from the browser over the cookieread session, and then the sessionread sensitive data and decrypts the data to obtain the final user.
flask mechanism of this session, you can save the cost of a server, because all the information is stored in the client (browser)

Examples

Configuration

In the configuration file config.py join secret_key:

= Of SECRET_KEY ' XXXXXXXXX '     # string of random character string encrypted session as salt value

Main app configuration file reference:

from flask import Flask,session
import config

app = Flask(__name__)
app.config.from_object(config)
# The app.config [ 'of SECRET_KEY'] = 'xxxxx' # may be arranged in the main app file directly, without introducing the configuration
View Code

Operating session

The method of operation of the operation dictionary same session

from flask import Flask,session
import os

app = Flask(__name__)
the app.config [ ' of SECRET_KEY ' ] = os.urandom (24)    # sets a random character string is encrypted salt 24.

# Set the session 
@ app.route ( ' / ' )
 DEF SET ():
    the session [ ' username ' ] = ' Jyang '        # dictionary to the same setting key 
    return  ' Success '


# 读取session
@app.route('/get')
def get():
    the session [ ' username ' ]          # method, if the contents do not exist, will be reported abnormal 
    Session.get ( ' username ' )      # Second method, if the contents do not exist, returns None. Recommended 
    return Session.get ( ' username ' )
    

# 删除session
@app.route('/delete/')
def delete():

    session.pop ( ' username ' )          # dictionary pop method removes a specified value session 
    Session.clear                    # delete session all values 
    return  ' Success '


if __name__ == '__main__':
    app.run()
View Code

Set session expiration time

  • If you do not specify the expiration time of the session, the default is automatically ended after the browser is closed
  • Set the session of permanent property is True, then the expiration time is 31 days (session.permanent = True)
  • You can change the expiration time to app.config setting PERMANENT_SESSION_LIFETIME, the data type of this value is datetime.timedela type.
"""config.py"""
from datetime import timedelta
import os

Of SECRET_KEY = os.urandom (24)          # generates a random string of 24 characters 
PERMANENT_SESSION_LIFETIME = timedelta (Days =. 7)   # Set days effective session7
View Code

 

 

 

Guess you like

Origin www.cnblogs.com/ls011218/p/11817267.html