- Python Microservices Development
- Tarek Ziadé
- 239字
- 2021-07-02 18:54:22
The session object
Like the request object, Flask creates a session object, which is unique to the request context.
It's a dict-like object, which Flask serializes into a cookie on the user side. The data contained into the session mapping is dumped into a JSON mapping, then compressed using zlib when that makes it smaller, and finally encoded in base64.
When the session gets serialized, the itsdangerous (https://pythonhosted.org/itsdangerous/) library signs the content using the secret_key value defined at the application level. The signing uses HMAC (https://en.wikipedia.org/wiki/Hash-based_message_authentication_code) and SHA1.
This signature, which is added as a suffix in the data, ensures that the client cannot tamper with the data that is stored in a cookie unless they know the secret key to sign the data. Note that the data itself is not encrypted.
Flask will let you customize the signing algorithm to use, but HMAC + SHA1 is good enough when you need to store data in cookies.
However, when you're building microservices that are not producing HTML, you rarely rely on cookies since they are specific to web browsers. But the idea of keeping a volatile key-value storage per user can be extremely useful to speed up some of the server-side work. For instance, if you need to perform some database look-ups to get some information about a user every time they connect, caching this information in a session-like object on the server side makes a lot of sense.
- C++案例趣學
- 零基礎學C++程序設計
- 潮流:UI設計必修課
- Programming ArcGIS 10.1 with Python Cookbook
- 游戲程序設計教程
- Java EE 7 Performance Tuning and Optimization
- Teaching with Google Classroom
- Natural Language Processing with Java and LingPipe Cookbook
- Java圖像處理:基于OpenCV與JVM
- Clojure for Java Developers
- App Inventor 2 Essentials
- RESTful Web Clients:基于超媒體的可復用客戶端
- 硬件產品設計與開發:從原型到交付
- 視窗軟件設計和開發自動化:可視化D++語言
- Learning Shiny