官术网_书友最值得收藏!

The session object

Like the request object, Flask creates a session object, which is unique to the request context.

It's a dict-like object, which Flask serializes into a cookie on the user side. The data contained into the session mapping is dumped into a JSON mapping, then compressed using zlib when that makes it smaller, and finally encoded in base64.

When the session gets serialized, the itsdangerous (https://pythonhosted.org/itsdangerous/) library signs the content using the secret_key value defined at the application level. The signing uses HMAC (https://en.wikipedia.org/wiki/Hash-based_message_authentication_code) and SHA1.

This signature, which is added as a suffix in the data, ensures that the client cannot tamper with the data that is stored in a cookie unless they know the secret key to sign the data. Note that the data itself is not encrypted.

Flask will let you customize the signing algorithm to use, but HMAC + SHA1 is good enough when you need to store data in cookies.

However, when you're building microservices that are not producing HTML, you rarely rely on cookies since they are specific to web browsers. But the idea of keeping a volatile key-value storage per user can be extremely useful to speed up some of the server-side work. For instance, if you need to perform some database look-ups to get some information about a user every time they connect, caching this information in a session-like object on the server side makes a lot of sense.

主站蜘蛛池模板: 开封县| 南宫市| 平乐县| 平定县| 东明县| 济阳县| 绥阳县| 略阳县| 商南县| 当雄县| 监利县| 方城县| 桐乡市| 神池县| 册亨县| 通化市| 拉萨市| 淮北市| 平塘县| 普陀区| 磴口县| 澄迈县| 滕州市| 武鸣县| 临城县| 芮城县| 平昌县| 双辽市| 翁牛特旗| 浮梁县| 墨竹工卡县| 贵阳市| 庆阳市| 贵溪市| 修武县| 台东县| 恭城| 余江县| 剑河县| 合江县| 汉寿县|