用户登录后,生成Cookie:
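# Build the login response and attach the auth cookie.
# The cookie value has the layout "<auth code>#<uid>": the auth code comes
# from UserService.geneAuthCode(user_info) and the uid from the user row.
response = make_response(json.dumps(resp_body))
response.set_cookie(
    app.config['AUTH_COOKIE_NAME'],
    "{salt}#{user_id}".format(
        salt=UserService.geneAuthCode(user_info),
        user_id=user_info.uid,
    ),
    # This cookie is the login credential, so it is marked HttpOnly to keep
    # it out of reach of page scripts.
    httponly=True,
)
# NOTE(review): when the site is served only over HTTPS, also pass
# secure=True, and consider samesite="Lax" if the installed Werkzeug
# supports that argument.
# NOTE(review): no server-side session state is visible here, so the cookie
# appears to stay valid for as long as geneAuthCode yields the same value
# for this user. Confirm that logout or a password change invalidates it.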
拦截器中校验Cookie:
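# Original note: this check is used through Flask's @app.before_request.
# The enclosing def line is not part of the snippet.
# Returns the matching User row when the auth cookie is valid, otherwise False.
import hmac  # local import: the snippet's file-level imports are not shown

auth_cookie = request.cookies.get(app.config['AUTH_COOKIE_NAME'])
if auth_cookie is None:
    return False

# Expected layout is "<auth code>#<uid>"; any other shape is rejected.
auth_info = auth_cookie.split("#")
if len(auth_info) != 2:
    return False

try:
    # NOTE(review): uid comes straight from the cookie. filter_by looks like
    # the SQLAlchemy query API, which passes it as a bound parameter; confirm.
    user_info = User.query.filter_by(uid=auth_info[1]).first()
except Exception:
    # Best-effort by design: a failed lookup is treated as "not logged in".
    return False

if user_info is None:
    return False

# Recompute the auth code for this user and compare it in constant time, so
# response timing does not reveal how many leading characters matched.
# Both sides are encoded to bytes because compare_digest accepts str only
# when it is pure ASCII, and the cookie half is client-controlled.
expected = UserService.geneAuthCode(user_info=user_info)
if not hmac.compare_digest(
    auth_info[0].encode("utf-8"),
    str(expected).encode("utf-8"),
):
    return False

return user_info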