flask 自定义session机制

最新推荐文章于 2024-08-22 10:55:19 发布

JackLiu16

最新推荐文章于 2024-08-22 10:55:19 发布

阅读量2k

点赞数

分类专栏： flask

本文链接：https://blog.csdn.net/JackLiu16/article/details/82558204

版权

本文介绍如何在Flask中实现自定义session机制，通过将session值与随机sid关联，存储可以选择Redis或内存。同时，发送给浏览器的不再是加密后的session值，而是对应的session_id。

摘要由CSDN通过智能技术生成

# flask原生session机制，cookie中返回session加密的value


class SecureCookieSessionInterface(SessionInterface):
    """The default session interface that stores sessions in signed cookies
    through the :mod:`itsdangerous` module.
    """
    #: the salt that should be applied on top of the secret key for the
    #: signing of cookie based sessions.
    salt = 'cookie-session'
    #: the hash function to use for the signature.  The default is sha1
    digest_method = staticmethod(hashlib.sha1)
    #: the name of the itsdangerous supported key derivation.  The default
    #: is hmac.
    key_derivation = 'hmac'
    #: A python serializer for the payload.  The default is a compact
    #: JSON derived serializer with support for some extra Python types
    #: such as datetime objects or tuples.
    serializer = session_json_serializer
    session_class = SecureCookieSession

    def get_signing_serializer(self, app):
        if not app.secret_key:
            return None
        signer_kwargs = dict(
            key_derivation=self.key_derivation,
            digest_method=self.digest_method
        )
        return URLSafeTimedSerializer(app.secret_key, salt=self.salt,
                                      serializer=self.serializer,
                                      signer_kwargs=signer_kwargs)

    def open_session(self, app, request):
        s = self.get_signing_serializer(app)
        if s is None:
            retur