官术网_书友最值得收藏!

The session object

Like the request object, Flask creates a session object, which is unique to the request context.

It's a dict-like object, which Flask serializes into a cookie on the user side. The data contained into the session mapping is dumped into a JSON mapping, then compressed using zlib when that makes it smaller, and finally encoded in base64.

When the session gets serialized, the itsdangerous (https://pythonhosted.org/itsdangerous/) library signs the content using the secret_key value defined at the application level. The signing uses HMAC (https://en.wikipedia.org/wiki/Hash-based_message_authentication_code) and SHA1.

This signature, which is added as a suffix in the data, ensures that the client cannot tamper with the data that is stored in a cookie unless they know the secret key to sign the data. Note that the data itself is not encrypted.

Flask will let you customize the signing algorithm to use, but HMAC + SHA1 is good enough when you need to store data in cookies.

However, when you're building microservices that are not producing HTML, you rarely rely on cookies since they are specific to web browsers. But the idea of keeping a volatile key-value storage per user can be extremely useful to speed up some of the server-side work. For instance, if you need to perform some database look-ups to get some information about a user every time they connect, caching this information in a session-like object on the server side makes a lot of sense.

主站蜘蛛池模板: 开封市| 宁乡县| 湖南省| 湖南省| 宿州市| 安吉县| 珲春市| 安庆市| 平湖市| 喀喇| 库尔勒市| 榆中县| 林周县| 辰溪县| 宣恩县| 德格县| 彭泽县| 华亭县| 昆明市| 兴和县| 陆河县| 当雄县| 张家口市| 双峰县| 汝州市| 富民县| 玉龙| 游戏| 沈阳市| 东明县| 石阡县| 台东市| 镇赉县| 阳春市| 治县。| 大关县| 海淀区| 赤城县| 松溪县| 浮梁县| 兰西县|