Flask中Cookie与Session操作(八)

    HTTP的协议是一个无状态的协议,随着互联网技术的发展,需要记录下用户信息的操作,所以也就导致了

Cookie技术的发展,但是很遗憾的是Cookie它是存储在本地的,所以在信息安全的角度上,它并不是安全的,

特别是涉及到账户信息这些机密的信息,所以就有了Session,它是存储在服务端,这样存储在服务端相比

存储在本地安全的多。Falsk作为一个轻量级的WEB框架,在WEB的应用程序开发中,也会使用到操作Cookie

和SSession的相关技术。下面都是依据登录的案例来说明Flask框架中对Cookie和Session的程序操作。也就是

说输入账户和密码,判断账户是wuya,密码是admin,登录成功,在首页记录下登录账户的昵称信息,这是互联

网产品的基本形态。

     见Flask程序的案例代码:

from flask import Flask,session,render_template,url_for,redirect,request

app = Flask(__name__)


@app.route('/index',methods=['GET','POST'])
def index():
    nick=request.cookies.get('username')
    return render_template('index.html',**{'nick':nick})

@app.route('/login',methods=['GET','POST'])
def login():
    if request.method=='GET':
        return render_template('login.html')
    else:
        username=request.form.get('username')
        password=request.form.get('password')
        if username=='wuya' and password=='admin':
            r=redirect(url_for('index'))
            r.set_cookie(key='username',value=username)
            return r


if __name__ == '__main__':
    app.run()

 

在login的函数中,判断账户密码成功后,依据返回的Response信息对象r记录下用户需要记录的Cookie信息后然后

返回。在index的函数中获取到username键值对对应的value值信息,并且返回来,在模板文件中调用并且打印出来,

见login.html的文件源码:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>无涯课堂</title>
</head>
<body>
<center>
    <form action="" method="post">
        <p>
            用户名:<input type="text" name="username" placeholder="请输入您的账户">
        </p>
        <p>
            密码:<input type="password" name="password" placeholder="请输入账户密码">
        </p>
        <p>
            <input type="submit" value="登录">
        </p>
    </form>
</center>
</body>
</html>

 

见index.html的模板文件,在该模板文件里面调用了获取到的cookie信息,见原文件源码:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>无涯课堂</title>
</head>
<body>
<center>
    {{ nick }} 您好!欢迎您访问无涯课堂!
</center>
</body>
</html>

 

见执行程序后,程序调用的请求过程信息:

 

 

在Flask程序中,Cookie是有默认的时效时间的,如果需要单独的设置,在设置cookie信息的时候, 需要在expires里面

设置cookie的时效信息。我们对代码做一个简单的修改,通过Session的实现记录下登录成功后的信息,见修改后的源码:

from flask import Flask,session,render_template,url_for,redirect,request
import  os



app = Flask(__name__)
#设置session的密钥
app.config['SECRET_KEY']=os.urandom(24)

@app.route('/index',methods=['GET','POST'])
def index():
    nick=session['username']
    return render_template('index.html',**{'nick':nick})

@app.route('/login',methods=['GET','POST'])
def login():
    if request.method=='GET':
        return render_template('login.html')
    else:
        username=request.form.get('username')
        password=request.form.get('password')
        if username=='wuya' and password=='admin':
            r=redirect(url_for('index'))
            session['username']=username
            return r


if __name__ == '__main__':
    app.run()

 

在使用Session的时候,需要特别注意的是需要设置session的密钥,如果没有,就会出现如下错误,具体见如下:

FLASK_APP = ../../GITHUB/paas/app.py
FLASK_ENV = development
FLASK_DEBUG = 0
In folder D:/git/Python/pn1
C:\Python37\python3.exe -m flask run
 * Serving Flask app "../../GITHUB/paas/app.py"
 * Environment: development
 * Debug mode: off
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
127.0.0.1 - - [25/Jun/2019 22:27:51] "GET /login HTTP/1.1" 200 -
[2019-06-25 22:27:58,193] ERROR in app: Exception on /login [POST]
Traceback (most recent call last):
  File "C:\Python37\lib\site-packages\flask\app.py", line 2292, in wsgi_app
    response = self.full_dispatch_request()
  File "C:\Python37\lib\site-packages\flask\app.py", line 1815, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "C:\Python37\lib\site-packages\flask\app.py", line 1718, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "C:\Python37\lib\site-packages\flask\_compat.py", line 35, in reraise
    raise value
  File "C:\Python37\lib\site-packages\flask\app.py", line 1813, in full_dispatch_request
    rv = self.dispatch_request()
  File "C:\Python37\lib\site-packages\flask\app.py", line 1799, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "D:\git\GITHUB\paas\app.py", line 33, in login
    session['username']=username
  File "C:\Python37\lib\site-packages\werkzeug\local.py", line 351, in __setitem__
    self._get_current_object()[key] = value
  File "C:\Python37\lib\site-packages\flask\sessions.py", line 101, in _fail
    raise RuntimeError('The session is unavailable because no secret '
RuntimeError: The session is unavailable because no secret key was set.  Set the secret_key on the application to something unique and secret.
127.0.0.1 - - [25/Jun/2019 22:27:58] "POST /login HTTP/1.1" 500 -

 

出现这个问题的原因是没有设置session的密钥就会出现如下的错误信息。依据刚才的案例,登录成功后,记录的session信息如下图:

 

posted @ 2019-07-07 10:13  无涯(WuYa)  阅读(432)  评论(0编辑  收藏  举报