tornado 安全cookie以及身份認證
阿新 • • 發佈:2018-11-14
"""Minimal Tornado demo: issue a signed ``session`` cookie on the first visit."""
import tornado.web
import tornado.ioloop

# Process-wide counter; its current value becomes the next visitor's cookie value.
session_id = 1


class MainHandler(tornado.web.RequestHandler):
    """Serve ``/``: set the ``session`` cookie if the request has no valid one."""

    def get(self):
        """Report whether a signed ``session`` cookie was already present."""
        global session_id
        # get_secure_cookie() returns None when the cookie is missing or its
        # signature does not verify, so a tampered cookie counts as "not set".
        existing = self.get_secure_cookie('session')
        if existing:
            print(existing)
            self.write('you session was set')
            return
        # The value is a predictable sequential number. Only the signature
        # made with cookie_secret stops a client from picking another one.
        self.set_secure_cookie('session', str(session_id))
        session_id += 1
        self.write('you have set a new session')


def testApp():
    """Build the demo application with a single route and a cookie secret."""
    routes = [(r'/', MainHandler)]
    # NOTE(review): the secret is a hard-coded tutorial placeholder. Anyone who
    # knows it can mint valid cookies, so a real deployment should load a long
    # random value from configuration instead of source code.
    return tornado.web.Application(routes, cookie_secret="SESSION_DONT_SHOW")


def main():
    """Listen on port 8887 and run the IOLoop until the process is stopped."""
    application = testApp()
    application.listen(8887)
    tornado.ioloop.IOLoop.current().start()


if __name__ == "__main__":
    main()

# See also: tornado.web.RequestHandler.clear_all_cookies()
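cookies 總是被儲存在客戶端,所以 cookies 的資訊必須加密保護;tornado.web.Application 物件初始化時賦予的 cookie_secret 引數,用於儲存本網站 cookies 的加密金鑰。需要注意的是,set_secure_cookie 對 cookie 做的是簽名並附加時間戳(用來防止偽造與篡改),cookie 內容本身並未加密,客戶端仍然可以讀出,因此不要在其中存放敏感資料;cookie_secret 也不應寫死在原始碼中。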
身份認證程式碼:
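"""Tornado demo: cookie-based login using an in-memory session table."""
import tornado.escape
import tornado.web
import tornado.ioloop
from tornado import gen
import uuid  # UUID generation library

# In-memory session store: session id (str) -> user name.
# Entries are never expired or removed, and the table is lost on restart.
dict_session = {}


class BaseHandler(tornado.web.RequestHandler):
    """Common base class that resolves the logged-in user from the cookie."""

    def get_current_user(self):
        """Return the user name for the signed ``session_id`` cookie, or None."""
        raw_id = self.get_secure_cookie('session_id')
        if raw_id is None:
            # Cookie missing, expired, or its signature did not verify.
            return None
        # get_secure_cookie() returns bytes while dict_session is keyed by str;
        # without decoding, the lookup never matches and nobody is logged in.
        return dict_session.get(raw_id.decode('utf-8'))


class MyHandler(BaseHandler):
    """Protected page that greets the authenticated user."""

    @tornado.web.authenticated
    def get(self):
        """Greet the current user by name."""
        # The decorator checks current_user before this body runs. If it is
        # unset, the request is redirected to the application's login_url.
        # The name came from a form field, so escape it before echoing it.
        name = tornado.escape.xhtml_escape(self.current_user)
        self.write('Hi' + name)


class LoginHandler(BaseHandler):
    """Login form (GET) and login processing (POST)."""

    def get(self):
        """Render the login page."""
        # NOTE(review): the form carries no XSRF token. Tornado provides the
        # xsrf_cookies setting and xsrf_form_html() for that.
        self.write('<html><body>'
                   '<form action="/login" method="post">'
                   'Name:<input type="text" name="name">'
                   '<input type="submit" value="Sign in">'
                   '</form>'
                   '</body></html>')

    def post(self):
        """Create a session for an accepted name, else return to the form."""
        # NOTE(review): any name of three or more characters is accepted and
        # no credential is checked. This is a demo, not real authentication.
        name = self.get_argument("name")
        if len(name) < 3:
            self.redirect('/login')
            # Stop here. Falling through would still register a session for
            # the rejected name and then fail on the second redirect().
            return
        # uuid4 is random. uuid1 embeds the timestamp and host node id, which
        # makes session ids guessable.
        session_id = str(uuid.uuid4())
        dict_session[session_id] = name
        self.set_secure_cookie("session_id", session_id)
        self.redirect('/')


myapp = tornado.web.Application(
    [
        (r"/", MyHandler),
        (r"/login", LoginHandler),
    ],
    # Key used to sign cookies. The value is signed, not encrypted.
    # NOTE(review): this is a hard-coded tutorial placeholder. Load a long
    # random secret from configuration in a real deployment.
    cookie_secret="SECRET_DONT_SHOW",
    # URL that tornado.web.authenticated redirects to when the user is not
    # yet authenticated.
    login_url='/login',
)


def main():
    """Listen on port 8888 and run the IOLoop until the process is stopped."""
    myapp.listen(8888)
    tornado.ioloop.IOLoop.current().start()


if __name__ == "__main__":
    main()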