Cookie

由于HTTP协议是无状态的(一旦数据交换完毕就断开连接),很难知道客户端的身份,再次连接也不知道,在这种情况下,Cookie诞生了,它是服务器留在客户端的一小段信息,用于区分客户身份,游览器每次在请求时,都会在头文件上带上这个Cookie。
演示(Web.py):

#coding=utf-8
import web
urls = ('/', 'hello') #路由
class hello:
    def GET(self):
        web.setcookie('test_cookie','hello')
        return 'Hello,world!'

if __name__ == "__main__":
    app = web.application(urls, globals())
    app.run()

Session(会话)

会话是Cookie后另一种解决方式,与Cookie最大的不同是会话存储在服务器,尽管会话依赖于Cookie(会话需要存储会话ID),但客户端除了会话ID也无法篡改其他,极大的提高了安全性。
1.

//由于Tornado没有Session模块,所以找了一些轮子,需要Redis支持
https://github.com/zs1621/tornado-redis-session
https://github.com/cole/tornado-sessions

2.目前用的

pip install pycket
pip install redis

例子:

import tornado.ioloop
import tornado.web
from pycket.session import SessionMixin

class MainHandler(tornado.web.RequestHandler,SessionMixin):
    def get(self):
        test = self.session.get('test_session')
        if test:
            self.write(test)
        else:
            self.session.set('test_session','hello')
            self.write("Hello, world")
if __name__ == "__main__":
    settings = {}
    settings['pycket'] = {}
    settings['pycket']['cookies'] = {}
    settings['pycket']['storage'] = {}
    settings['cookie_secret'] = 'f8lNNzhHTVSOyKab3MKv6A=='
    settings['pycket']['engine'] = 'redis' #数据库类型
    settings['pycket']['storage']['host'] = 'localhost' #host
    settings['pycket']['storage']['port'] = 6379 #端口
    settings['pycket']['storage']['db_sessions'] = 10 #用于会话的数据集
    settings['pycket']['storage']['db_notifications'] = 16 #用于通知的数据集
    settings['pycket']['storage']['max_connections'] = 2**64 #最大连接数
    settings['pycket']['cookies']['expires_days'] = 1 #会话过期时间
    settings['pycket']['cookies']['max_age'] = 86400 #兼容设置,同上
    print(settings)
    app = tornado.web.Application([(r'/', MainHandler),],**settings)
    app.listen(8080)
    tornado.ioloop.IOLoop.current().start()

标签: Python, Tornado

添加新评论