【问题标题】:Twisted Session Cookie is Changing for Each RequestTwisted Session Cookie 会因每个请求而改变
【发布时间】:2017-07-17 19:17:13
【问题描述】:

登录后出于某种原因,之后的每个 POST 请求 Twisted 会话 cookie 都会更改。为什么会这样?在连接丢失或用户注销之前,我希望会话 uid 保持不变。

这是我的代码,它导致每个请求的会话都不同:

from twisted.web.server import Site, http
from twisted.internet import reactor
from twisted.web.resource import Resource

import json

class HttpResource(Resource):
    isLeaf = True

    def render_OPTIONS(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return ""

    def render_GET(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return "<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"

    def render_POST(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')

        session_id = request.getSession().uid
        print "HttpResource session ID: {}".format(session_id)


class LoginResource(Resource):
    isLeaf = True

    def render_OPTIONS(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return ""

    def render_GET(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return "<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"

    def render_POST(self, request):
        log("Login request")
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')

        req = request.content.read()

        session_id = request.getSession().uid

        try:
            jsQ = json.loads(req)
        except Exception as e:
            return e

        # User credentials
        username = jsQ['username']
        password = jsQ['password']

        # Authenticate the User
        if username == 'test' and password == 'test':
            # Create a new session
            print "Login session ID: {}".format(session_id)
        else:
            request.setResponseCode(401)
            return "Invalid username or password"


class RefreshResource(Resource):
    isLeaf = True

    def render_OPTIONS(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return ""

    def render_GET(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return "<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"

    def render_POST(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        print "Refresh session ID: {}".format(request.getSession().uid)


class HttpFactory(Site):

    def __init__(self, resource):
        http.HTTPFactory.__init__(self)
        self.resource = resource
        self.sessions = {}
        self.user_info = {}


if __name__ == '__main__':

    root = Resource()
    root.putChild("", HttpResource())
    root.putChild("login", LoginResource())
    root.putChild("refresh", RefreshResource())

    site = HttpFactory(root)
    reactor.listenTCP(8000, site)

    reactor.run()

【问题讨论】:

    标签: python session session-cookies twisted twisted.web


    【解决方案1】:

    Twisted Web 会话是基于 cookie 的。为了使会话与客户端保持活动状态,它们必须尊重服务器的 Set-Cookie 响应(保存 cookie 并在以后的请求中重新发送)。

    如果你的客户端是 curl 之类的,那么:

    $ curl http://localhost:8000/
    

    将在运行后删除会话 cookie。如果您再次运行该命令,您将获得一个新会话,因为客户端不会发送会话 cookie,并且服务器无法知道该请求属于先前创建的会话。

    如果您告诉 curl 使用以下命令正常处理 cookie:

    $ curl --cookie session-cookies --cookie-jar session-cookies http://localhost:8000/
    

    然后 curl 将保存服务器设置的会话 cookie。如果您再次运行该命令,它会将会话 cookie 发送回服务器,您将看到相同的会话被重复使用。

    【讨论】:

    • 好的,我明白了。因此,如果扭曲的代码在标头中设置 cookie,则 UI 应随每个请求发送此 cookie,直到会话结束。谢谢琼的解释!
    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2021-03-28
    • 1970-01-01
    • 2017-08-03
    • 2021-06-15
    • 2016-01-12
    • 2014-07-08
    相关资源
    最近更新 更多