Apache Cookie解密(烧瓶会话) [英] Apache cookie decrypt (flask session)
问题描述
有人可以帮助我吗, 我正在考虑简单的分析,即将所有数据都放入cookie中,然后通过apache机制将其记录下来.接下来,我可以使用kibana轻松处理来自Apache的日志.这种方法非常简单,我节省了分析用户行为和发展的时间.
can anybody help me pls, I am thinking about simple analytics, i.e. put all ness data into cookie and then logging it through the apache mechanism. Next, logs from apache I can handle simply with kibana. Such approach is very easy, I save time for analyze users behavior and development.
但是我遇到了下一个问题-在Flask中,我可以通过后果加密将不同类型的信息放入会话字典中.我可以在apache中打开日志记录cookie,但是如何在apache中解密cookie?你有什么想法?? 谢谢.
But I have encountered next problem - in Flask I can put different kind of information into session dict with consequence crypting. I can switch on logging cookie in apache, but HOW CAN I DECRYPT cookie in apache??? Do you have any ideas?? Thanks.
推荐答案
会话cookie未加密.它经过json编码,压缩,base64编码和加密签名.它使用 itsdangerous 软件包来完成此任务.会话cookie并不意味着在Flask之外方便阅读.您当然可以颠倒这个过程(分离签名,对其进行验证,对有效负载进行解码并对其进行解压缩). 但是,让Flask这样做并从应用程序进行日志记录会更有意义.
The session cookie is not encrypted. It is json encoded, compressed, base64 encoded, and cryptographically signed. It uses the itsdangerous package to accomplish this. The session cookie is not meant to be convenient to read outside Flask. You could of course reverse this process (separate the signature, validate it, decode the payload, and decompress it). However, it would make more sense to let Flask do this, and just do the logging from the app.
作为参考,cookie的格式为:
For reference, the format of the cookie is:
-
如果压缩数据(使用zlib),
- 以
.开头 - 数据(base64编码,可能已压缩,json编码)
-
.分隔数据和签名 - 签名(默认为hmac)
- starts with
.if the data is compressed (uses zlib) - data (base64 encoded, possibly compressed, json encoded)
.separates data and signature- signature (hmac by default)
查看其危险和Flask的源将显示如果要尝试在Apache中阅读此内容,则需要反转的细节.
Looking in to the source for itsdangerous and Flask will show the specifics of what you would need to reverse if you were to try to read this in Apache.
这篇关于Apache Cookie解密(烧瓶会话)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
