Flask session源码分析

基本用法

from flask import session

@app.route(/‘,method=['GET','POST'])
def index():
	session['name'] = 'xxx'
	return 'index'


@app.route(/test‘,method=['GET','POST'])
def test():
	print(session['name'])
	return 'test'

打印值: xxx

源码分析

Flask类下有一个属性session_interface
它是SecureCookieSessionInterface的实例化

class SecureCookieSessionInterface(SessionInterface):
    #: the salt that should be applied on top of the secret key for the
    #: signing of cookie based sessions.
    salt = "cookie-session"
    #: the hash function to use for the signature.  The default is sha1
    digest_method = staticmethod(hashlib.sha1)

    key_derivation = "hmac"

    serializer = session_json_serializer
    session_class = SecureCookieSession

    def get_signing_serializer(self, app):
        if not app.secret_key:
            return None
        signer_kwargs = dict(
            key_derivation=self.key_derivation, digest_method=self.digest_method
        )
        return URLSafeTimedSerializer(
            app.secret_key,
            salt=self.salt,
            serializer=self.serializer,
            signer_kwargs=signer_kwargs,
        )

    def open_session(self, app, request):
        s = self.get_signing_serializer(app)
        if s is None:
            return None
        val = request.cookies.get(app.session_cookie_name)
        if not val:
            return self.session_class()
        max_age = total_seconds(app.permanent_session_lifetime)
        try:
            data = s.loads(val, max_age=max_age)
            return self.session_class(data)
        except BadSignature:
            return self.session_class()

    def save_session(self, app, session, response):
        domain = self.get_cookie_domain(app)
        path = self.get_cookie_path(app)

        if not session:
            if session.modified:
                response.delete_cookie(
                    app.session_cookie_name, domain=domain, path=path
                )

            return

        if session.accessed:
            response.vary.add("Cookie")

        if not self.should_set_cookie(app, session):
            return

        httponly = self.get_cookie_httponly(app)
        secure = self.get_cookie_secure(app)
        samesite = self.get_cookie_samesite(app)
        expires = self.get_expiration_time(app, session)
        val = self.get_signing_serializer(app).dumps(dict(session)) #将session转成字典变成字符串
        #get_signing_serializer是其内置的加密方式
        response.set_cookie(
            app.session_cookie_name, #去配置文件当中去获取键值对'SESSION_COOKIE_NAME':'session'
            val,  #字符串格式
            expires=expires, #超时时间
            httponly=httponly, #是否可被js代码获取
            domain=domain,  #cookie的生效域名
            path=path, #使cookie生效的路径
            secure=secure, #浏览器将通过https来回传cookie
            samesite=samesite,
        )

这个类一共有三个方法get_signing_serializeropen_sessionsave_session

save_session中重写cookie:

def save_session(self, app, session, response):
	 if not session:
	 #判断session是否修改过,修改过的意思是,进入view时候session中被添加了键值对或删除了键值对
	            if session.modified: 
	            #如果修改过把原来的cookie全部删除重新设置值
	                response.delete_cookie(
	                    app.session_cookie_name, domain=domain, path=path

savesession下有一个get_signing_serializer方法对session进行加密

    def get_signing_serializer(self, app):
        if not app.secret_key:
            return None
        signer_kwargs = dict(
            key_derivation=self.key_derivation, digest_method=self.digest_method
        )
        return URLSafeTimedSerializer(
            app.secret_key,#采用配置文件中的secret_key进行加密
            salt=self.salt,
            serializer=self.serializer,
            signer_kwargs=signer_kwargs,
        )

注释:如果要保存到数据库的话就重写open_sessionsave_session方法。

posted @ 2019-07-17 21:40  不会玩python  阅读(4)  评论(0编辑  收藏  举报