Cookie and Session Operations in Flask (Part 8)
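HTTP is a stateless protocol. As the Internet developed, applications needed to keep track of user information across requests, which led to the development of cookies. Unfortunately, a cookie is stored locally on the client, so from an information-security point of view it is not safe, especially for confidential data such as account information. That is why sessions exist: a session is stored on the server, which is much safer than storing the data locally. Flask is a lightweight web framework, and web applications built with it also need to work with cookies and sessions. The rest of this article uses a login example to show how a Flask program handles cookies and sessions: the user enters an account name and password, the program checks that the account is wuya and the password is admin, and after a successful login the home page shows the nickname of the logged-in account. This is the basic shape of an Internet product.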
The example code of the Flask program:

from flask import Flask, render_template, url_for, redirect, request

app = Flask(__name__)


@app.route('/index', methods=['GET', 'POST'])
def index():
    # Read the nickname from the cookie sent by the browser
    nick = request.cookies.get('username')
    return render_template('index.html', **{'nick': nick})


@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'GET':
        return render_template('login.html')
    else:
        username = request.form.get('username')
        password = request.form.get('password')
        if username == 'wuya' and password == 'admin':
            r = redirect(url_for('index'))
            # Record the account name in a cookie on the response object
            r.set_cookie(key='username', value=username)
            return r
        # Wrong credentials: show the login form again instead of returning None
        return render_template('login.html')


if __name__ == '__main__':
    app.run()
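In the login function, once the account and password have been verified, the cookie information to be kept for the user is recorded on the Response object r, which is then returned. The index function reads the value stored under the username key and passes it on, and the template file uses it and prints it.

The source of login.html: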

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>无涯课堂</title>
</head>
<body>
<center>
    <form action="" method="post">
        <p>
            用户名:<input type="text" name="username" placeholder="请输入您的账户">
        </p>
        <p>
            密码:<input type="password" name="password" placeholder="请输入账户密码">
        </p>
        <p>
            <input type="submit" value="登录">
        </p>
    </form>
</center>
</body>
</html>

The index.html template uses the cookie value that was read in the view. Its source:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>无涯课堂</title>
</head>
<body>
<center>
    {{ nick }} 您好!欢迎您访问无涯课堂!
</center>
</body>
</html>

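After running the program, the requests made by the program look like this:

In a Flask program a cookie has a default lifetime. To set it separately, pass the lifetime in expires when setting the cookie. We now make a simple change to the code so that the information recorded after a successful login is kept in a session instead. The modified source: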
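
from flask import Flask, session, render_template, url_for, redirect, request
import os

app = Flask(__name__)
# Set the secret key used for the session
app.config['SECRET_KEY'] = os.urandom(24)


@app.route('/index', methods=['GET', 'POST'])
def index():
    # session.get avoids a KeyError when nobody has logged in yet
    nick = session.get('username')
    if nick is None:
        return redirect(url_for('login'))
    return render_template('index.html', **{'nick': nick})


@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'GET':
        return render_template('login.html')
    else:
        username = request.form.get('username')
        password = request.form.get('password')
        if username == 'wuya' and password == 'admin':
            r = redirect(url_for('index'))
            # Record the account name in the session
            session['username'] = username
            return r
        # Wrong credentials: show the login form again instead of returning None
        return render_template('login.html')


if __name__ == '__main__':
    app.run()
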
When using a session, pay particular attention to setting the session secret key. If it is missing, the following error occurs:

FLASK_APP = ../../GITHUB/paas/app.py
FLASK_ENV = development
FLASK_DEBUG = 0
In folder D:/git/Python/pn1
C:\Python37\python3.exe -m flask run
 * Serving Flask app "../../GITHUB/paas/app.py"
 * Environment: development
 * Debug mode: off
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
127.0.0.1 - - [25/Jun/2019 22:27:51] "GET /login HTTP/1.1" 200 -
[2019-06-25 22:27:58,193] ERROR in app: Exception on /login [POST]
Traceback (most recent call last):
  File "C:\Python37\lib\site-packages\flask\app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
  File "C:\Python37\lib\site-packages\flask\app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "C:\Python37\lib\site-packages\flask\app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "C:\Python37\lib\site-packages\flask\_compat.py", line 35, in reraise
    raise value
  File "C:\Python37\lib\site-packages\flask\app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "C:\Python37\lib\site-packages\flask\app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "D:\git\GITHUB\paas\app.py", line 33, in login
    session['username']=username
  File "C:\Python37\lib\site-packages\werkzeug\local.py", line 351, in __setitem__
    self._get_current_object()[key] = value
  File "C:\Python37\lib\site-packages\flask\sessions.py", line 101, in _fail
    raise RuntimeError('The session is unavailable because no secret '
RuntimeError: The session is unavailable because no secret key was set. Set the secret_key on the application to something unique and secret.
127.0.0.1 - - [25/Jun/2019 22:27:58] "POST /login HTTP/1.1" 500 -

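This error occurs because the session secret key was not set. Following the example above, the session information recorded after a successful login is shown in the figure below: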
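
The difference between the two login versions above, as an added example (not code from the original article): the plain `username` cookie is accepted with whatever value the client sends, while Flask's built-in session is itself kept in a cookie that is signed with `SECRET_KEY` but not encrypted, so its content is readable yet a modified copy is rejected. The `/whoami` route and the helper names are assumptions made for this illustration.

```python
import base64
import json
import os

from flask import Flask, request, session

app = Flask(__name__)
app.config["SECRET_KEY"] = os.urandom(24)  # as on the page: a fresh key per process start

@app.route("/login")
def login():
    session["username"] = "wuya"  # stands in for the page's successful login
    return "ok"

@app.route("/whoami")
def whoami():
    # Identity as seen through the plain cookie vs. through the signed session.
    return f"{request.cookies.get('username')}|{session.get('username')}"

def issued_session_cookie():
    """Log in and return the value of the 'session' cookie Flask sets."""
    resp = app.test_client(use_cookies=False).get("/login")
    return resp.headers["Set-Cookie"].split(";", 1)[0].split("=", 1)[1]

def readable_payload(cookie):
    """Decode the first cookie segment without the key: it is signed, not encrypted."""
    segment = cookie.split(".")[0]
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def with_changed_username(cookie, name):
    """Swap the payload but keep the old timestamp and signature (constructed input)."""
    body = json.dumps({"username": name}, separators=(",", ":")).encode()
    segment = base64.urlsafe_b64encode(body).rstrip(b"=").decode()
    return ".".join([segment] + cookie.split(".")[1:])

def whoami_with(cookie_header):
    """Send a request with exactly this Cookie header and return the view's answer."""
    client = app.test_client(use_cookies=False)
    return client.get("/whoami", headers={"Cookie": cookie_header}).get_data(as_text=True)

if __name__ == "__main__":
    cookie = issued_session_cookie()
    print(readable_payload(cookie))                   # session content, read without the key
    print(whoami_with("session=" + cookie))           # genuine session cookie is accepted
    print(whoami_with("username=admin"))              # plain cookie is taken at face value
    print(whoami_with("session=" + with_changed_username(cookie, "admin")))  # rejected
```

Because the payload is readable by the client, keep secrets such as passwords out of `session`. A key generated with `os.urandom` at startup also invalidates every existing session whenever the process restarts.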