用户未登录-会话cookie太大? [英] User not logged in - session cookie too large?

问题描述

我在这里关注Google App Engine/python的身份验证教程: https://cloud.google.com/python/getting-started/authenticate-users

I am following the authentication tutorial for google app engine/python here: https://cloud.google.com/python/getting-started/authenticate-users

我确定我已经正确地遵循了所有步骤，但是当我单击页面上的登录按钮时，系统会提示我使用google登录，但是当重定向到该页面时，它表明该用户尚未登录.

I'm sure I've followed everything correctly, but when I click the login button on the page I am prompted to log in with google but then when redirected back to the page, it shows the user is not logged in.

我已经检查了本地服务器，并说:

I have checked the local server and it is saying:

UserWarning: The "session" cookie is too large: the value was 4755 bytes but the header required 26 extra bytes. The final size was 4781 bytes but the limit is 4093 bytes. Browsers may silently ignore cookies larger than this.

我不是100％肯定这是我的问题，但这是唯一让我脱颖而出的事情.谁能帮忙吗?

I am not 100% sure this is my problem, but it is the only thing that stands out to me. Can anyone please help?

推荐答案

是的，验证身份验证所需的所有数据都在cookie中，并且您在其中存储了太多信息.

Yes, all data needed to verify the authentication is in the cookie, and you are storing too much info in it.

您可以减少为配置文件存储的内容，也许在 _request_user_info()挂钩中:

You can reduce what is stored for the profile, perhaps, in the _request_user_info() hook:

def _request_user_info(credentials):
    # ...
    resp, content = http.request(
        'https://www.googleapis.com/plus/v1/people/me')

    # ...
    session['profile'] = json.loads(content.decode('utf-8'))

过滤而不是存储整个字典，而是过滤 json.loads()返回的字典，仅保留应用程序真正需要的配置文件信息.那样，或者将这些信息存储在其他地方，例如存储在memcached中(因此，每次需要时都可以对其进行检索，而该信息在memcached中仍然不可用).

Rather than store the whole dictionary, filter the dictionary that json.loads() returns and only retain the profile information your application really needs to have. That, or store this information somewhere else, like in memcached (so retrieve it each time you need it and it is not available in memcached still).

请参见 人员资源文档，以查看 session ['profile'] 中存储了哪些数据，并选择您真正需要的数据.例如，本教程仅需要显示名称和图像url:

See the People resource documentation to see what data is being stored in session['profile'] and pick what you really need. The tutorial, for example, only needs the display name and the image url:

profile = json.loads(content.decode('utf-8'))
session['profile'] = {'displayName': profile['displayName'], 'image': profile['image']}

这篇关于用户未登录-会话cookie太大?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！