python中的会话身份验证 [英] session auth in python

问题描述

在 python 中使用 requests 模块中的 session，似乎 session 只在第一个请求时发送授权，我不明白为什么会发生这种情况.

Using session from requests module in python, it seems that the session sends authorization only with first request, I can't understand why this happened.

import requests
session = requests.Session()
session.auth = (u'user', 'test')
session.verify = False
response = session.get(url='https://my_url/rest/api/1.0/users')

如果我查找此响应请求标头，我会看到:

If I look for this response request headers I see:

{'Authorization': 'Basic auth_data', 'Connection': 'keep-alive', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': 'python-requests/2.12.3'}

但是如果我使用相同或不同的 url 发送下一个请求:

but if I send next request using the same or not url:

response = session.get(url='https://my_url/rest/api/1.0/users')

我可以看到请求中没有 auth 标头了:

I can see that there is no auth header in request anymore:

print response.request.headers
{'Connection': 'keep-alive', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'User-Agent': 'python-requests/2.12.3'}

因此我收到了 401 响应.

And I'm getting 401 response because of it.

为什么会这样?会话不应该在使用它的每个请求中发送身份验证吗?如何使用会话为每个请求发送身份验证数据?

Why is it so? Shouldn't session send auth with every request made using it? How can I send auth data with every request using session?

推荐答案

当我在您的评论中运行该确切代码时，我看到的是 Authorization 标头在 first<中丢失/em> print，但它出现在 second 中.这似乎与您报告的问题相反.

What I see when I run that exact code in your comment is that the Authorization header is missing in the first print, yet it is present in the second. This seems to be the opposite of the problem that you report.

这是因为第一个请求被 301 响应重定向，并且 auth 标头未在后续请求中传播到重定向位置.通过查看 response.history[0].request.headers，您可以看到 auth 标头是在初始请求中发送的.

This is explained by the fact that the first request is redirected by a 301 response, and the auth header is not propagated in the follow up request to the redirected location. You can see that the auth header was sent in the initial request by looking in response.history[0].request.headers.

第二个请求没有被重定向，因为会话保持与主机的连接打开(由于 Connection: keep-alive 标头)，所以当你 print 时会出现 auth 标头response.request.headers.

The second request is not redirected because the session has kept the connection to the host open (due the the Connection: keep-alive header), so the auth headers appear when you print response.request.headers.

我怀疑您是否真的在使用 https://test.com，但可能类似的事情正在发生您正在使用的服务器.

I doubt that you are actually using https://test.com, but probably a similar thing is happening with the server that you are using.

对于测试，我建议使用非常方便的公共测试 HTTP 服务器 https://httpbin.org/headers.这将在响应正文中返回服务器收到的标头.您可以使用其中一个重定向 URL 来测试重定向的请求.

For testing I recommend using the very handy public test HTTP server https://httpbin.org/headers. This will return the headers received by the server in the response body. You can test redirected requests with one of the redirect URLs.

这篇关于python中的会话身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！