Shulou(Shulou.com)06/02 Report--

How to understand Cookie and session in Flask, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can get something.

I. the use of Cookie

1. What is Cookie

As we all know, HTTP protocol is stateless, that is to say, after the end of a request response, the server will not retain any information about the other party's state. Some information that needs to be retained can be done through Cookie technology, and the client's state information can be saved by adding Cookie data to the request and response message.

Small text data stored on the browser by the Web server to store some data (such as user information). The browser will save it for a certain period of time and attach it to the next request to the server. Cookie is usually used for user session management (such as the user's login status) and to save some of the user's information.

2. Use Cookie in Flask

In Flask, if you want to add a cookie to the response, you can use the set_cookie () method of the response object.

The parameters of the set_ cookie () method are as follows:

Key:cookie key name

Value:cookie value

The time that max_age:cookie is saved (in seconds)

Expires: specific expiration time

Path: limit the paths available to cookie. Default is the entire domain name.

Domain names available for domain:cookie

Secure: set to True and can only be used through HTTPS

Httponly: set to True to prohibit client-side js from obtaining cookie

The specific uses are as follows:

@ app.route ('user/') def user (name): response = make_response (' hello {} '.format (name), 200) response.set_cookie ("name", name) return response

In Flask, the Cookie can be obtained through the request request object cookies property.

@ app.route ('/ hello') def hello (): user = request.args.get ('name') if not user: user = request.cookies.get ("name",' default') return 'Hello {}!' .format (user) II, the use of session 1, what is session

Session refers to a user's session, which can be used to save some of the state of the current request in order to share information before the request. The session is stored on the server and distinguishes the user session, that is, session id, through a unique ID. Generally speaking, the session id exists in the Cookie, and the server can obtain the session id in the Cookie to obtain the user session.

2. Session object in Flask

We learned that the most important function of Cookie is to save the status information of client users. But there is such a problem, Cookie is saved in the client, Cookie can be easily added and modified in the browser, and if the user's status information is stored in Cookie in clear text, then you can forge other people's user information by falsifying Cookie information, so as to obtain some permissions. To avoid this problem, we need to encrypt sensitive Cookie content. Flask provides session objects that are used to encrypt and store Cookie data.

3. Use session in Flask

Session needs to sign the data with a key to encrypt the data. Therefore, you need to set a key app.secret_key first. The key set here is only a simple example. In a production environment, the key must be randomly generated to ensure the complexity and randomness of the key to make it more secure.

# set key app.secret_key = 'qwertyuiop'@app.route (' / user', methods= ['POST') 'GET']) def user (): if request.method =' POST': user = request.form ['user_name'] session [' user_name'] = request.form ['user_name'] return' Hello {}! '.format (user) else: if' user_name' in session: return 'Hello {}!' .format (session ["user_name"])

The use of the session object is the same as a dictionary. As above, after the user requests to log in using POST, the user name is saved in session. The next time you use the GET request, you can get the user's information in session without passing any information.

If you want to clear the session-specified information, such as the user name, you can use session.pop ("user_name", None), or session.clear () if you want to clear all.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.