有关Flask会话的一些问题 [英] Some questions about Flask sessions

问题描述

考虑以下简单的应用程序：

  from flask import烧瓶，请求，会话
 
应用程序= Flask（__ name__）
 application.secret_key =some_random_string
 $ b $ application_route（/ enter_string）
 def start_session（）：
 session [ string] = request.args [string] 
 
 @ application.route（/ get_string）
 def continue_session（）：$ b $如果string不在session：
 return先给我一个字符串！ 
 $ b $ returnYou enter+ session [string] 
 
 if __name__ ==__main__：
 application.debug = True 
 application .run（）
  

以下是我的问题：

1. 一旦访问了enter_string端点并且用户已经为 session [string] 分配了一个字符串，那么字符串存储？它在服务器的内存还是用户的？


2. 默认情况下，会话在浏览器退出时到期。是否有一个简单的方法让其他事件触发会话过期，如关闭窗口，但不一定是浏览器？
   
3. 默认情况下，会话会超时或是它一直保持，直到浏览器退出，无论多长时间？
   

解决方案

以不同的方式实施。默认实现基于安全cookie（具有防止篡改的加密签名的cookie）。这里是你对这个实现的问题的答案：

1. 字符串将存储在客户端cookie中。每次浏览器向服务器发送请求时，cookie都会随之发送。

客户端可以通过使用Javascript删除cookie来销毁会话。 （会话cookie的默认名称是 session ）。服务器可以通过删除会话中的所有项目来删除会话。 在默认实现中，cookie的到期日期将在31天后设置。这可以通过 PERMANENT_SESSION_LIFETIME 配置设置进行更改。 正如我上面提到的，Flask支持第三方会话处理程序，所以上面的答案可能不适用于其他实现。特别是有一些处理器实现了将会话数据存储在服务器而不是客户端的服务器端会话（例如Flask-Session或Flask-KVSession）。


Consider the following simple flask app:

from flask import Flask, request, session

application = Flask(__name__)
application.secret_key = "some_random_string"

@application.route("/enter_string")
def start_session():
    session["string"] = request.args["string"]

@application.route("/get_string")
def continue_session():
    if "string" not in session:
        return "Give me a string first!"

    return "You entered " + session["string"]

if __name__ == "__main__":
    application.debug = True
    application.run()

Here are my questions:

1. Once the "enter_string" endpoint has been visited and the user has assigned a string to session["string"], where is the string stored? Is it in the server's memory or the user's?
2. By default, the session expires when the browser exits. Is there a simple way to have some other event trigger the expiration of the session, such as closing the window but not necessarily the browser?
3. By default, will the session ever time out or is it kept until the browser exits no matter how long that takes?

解决方案

Sessions in Flask can be implemented in different ways. The default implementation is based on secure cookies (cookies that have a cryptographic signature that prevents tampering). Here are the answers to your questions for this implementation:

1. The string will be stored in a client-side cookie. Each time the browser sends a request to the server, the cookie will be sent along with it.

2. The client can destroy the session by deleting the cookie using Javascript. (The default name for the session cookie is session). The server can delete the session by removing all the items from it.

3. In the default implementation the cookie has an expiration date set 31 days in the future. This can be changed with the PERMANENT_SESSION_LIFETIME configuration setting.

As I mentioned above, Flask supports third party session handlers, so the above answer may not apply to other implementations. In particular, there are handlers that implement server-side sessions (such as Flask-Session or Flask-KVSession) that store the session data in the server instead of the client.

这篇关于有关Flask会话的一些问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！