Python Twisted session cookie is changing for every request

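For some reason, after logging in, the Twisted session cookie changes on every subsequent POST request. Why does this happen? I want the session uid to stay the same until the connection is dropped or the user logs out.

Here is my code, which results in a different session for every request: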

from twisted.web.server import Site, http
from twisted.internet import reactor
from twisted.web.resource import Resource

import json

class HttpResource(Resource):
    isLeaf = True

    def render_OPTIONS(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return b""

    def render_GET(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return b"<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"

    def render_POST(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')

        # getSession() reuses the session named by the request's cookie,
        # or creates a new one (and sets the cookie) if none was sent.
        session_id = request.getSession().uid
        print("HttpResource session ID: {}".format(session_id))
        # render_* methods must return bytes
        return b""


class LoginResource(Resource):
    isLeaf = True

    def render_OPTIONS(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return b""

    def render_GET(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return b"<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"

    def render_POST(self, request):
        print("Login request")
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')

        req = request.content.read()

        session_id = request.getSession().uid

        try:
            jsQ = json.loads(req)
        except ValueError as e:
            # Malformed JSON: answer with an error body instead of the exception object
            request.setResponseCode(400)
            return str(e).encode("utf-8")

        # User credentials
        username = jsQ['username']
        password = jsQ['password']

        # Authenticate the User
        if username == 'test' and password == 'test':
            # Create a new session
            print("Login session ID: {}".format(session_id))
            return b""
        else:
            request.setResponseCode(401)
            return b"Invalid username or password"


class RefreshResource(Resource):
    isLeaf = True

    def render_OPTIONS(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return b""

    def render_GET(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        return b"<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"

    def render_POST(self, request):
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
        print("Refresh session ID: {}".format(request.getSession().uid))
        return b""


class HttpFactory(Site):

    def __init__(self, resource):
        http.HTTPFactory.__init__(self)
        self.resource = resource
        self.sessions = {}
        self.user_info = {}


if __name__ == '__main__':

    root = Resource()
    # Child path segments are bytes
    root.putChild(b"", HttpResource())
    root.putChild(b"login", LoginResource())
    root.putChild(b"refresh", RefreshResource())

    site = HttpFactory(root)
    reactor.listenTCP(8000, site)

    reactor.run()

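Twisted Web sessions are cookie-based. To keep a session alive with a client, the client has to respect the server's Set-Cookie response: save the cookie and re-send it in future requests.

If your client is something like curl, then:

$ curl http://localhost:8000/
will drop the session cookie after it runs. If you run the command again, you will get a new session, because the client does not send the session cookie and the server has no way of knowing that the request belongs to the previously created session.

If you make curl handle cookies normally with a command like this:

$ curl --cookie session-cookies --cookie-jar session-cookies http://localhost:8000/

then curl will save the session cookie set by the server. If you run the command again, it will send the session cookie back to the server and you will see the same session being re-used.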

OK, I see. So if the Twisted code sets a cookie in the header, the UI should send this cookie on every request until the session ends. Thanks for the explanation, Jean!
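The difference the answer describes, a client that drops cookies versus one that keeps a cookie jar, as an added example that is not part of the original thread. It assumes a standard-library stand-in server (not Twisted itself) that issues a `TWISTED_SESSION` cookie the way `getSession()` does; `Handler`, `post_twice`, `demo` and the `/refresh` URL on a local port are names chosen for this example.

```python
import secrets
import threading
import urllib.request
from http.cookiejar import CookieJar
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = set()  # server-side store, standing in for Site.sessions
COOKIE = "TWISTED_SESSION"  # Twisted Web's default session cookie name
NO_PROXY = urllib.request.ProxyHandler({})  # always talk to localhost directly


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sent = SimpleCookie(self.headers.get("Cookie", ""))
        uid = sent[COOKIE].value if COOKIE in sent else None
        self.send_response(200)
        if uid not in SESSIONS:
            # No known session cookie presented: mint a new session.
            uid = secrets.token_hex(16)
            SESSIONS.add(uid)
            self.send_header("Set-Cookie", "%s=%s; Path=/" % (COOKIE, uid))
        body = uid.encode()
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def post_twice(opener, url):
    """POST twice through one opener; return the session id of each reply."""
    return [opener.open(url, data=b"{}").read().decode() for _ in range(2)]


def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/refresh" % server.server_address[1]
    try:
        no_jar = post_twice(urllib.request.build_opener(NO_PROXY), url)
        jar = urllib.request.HTTPCookieProcessor(CookieJar())
        with_jar = post_twice(urllib.request.build_opener(NO_PROXY, jar), url)
    finally:
        server.shutdown()
        server.server_close()
    return no_jar, with_jar
```

`demo()` returns the session ids seen by each client: the first pair differs because nothing stored the cookie, the second pair is identical because the jar re-sent it.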