django会话不在iframe中维护 [英] django Sessions are not maintaing in an iframe

问题描述

我正在使用django创建一个对话式聊天机器人.为了保持chatbot中的聊天流程，我正在使用django会话.但是，当我在iframe中使用聊天机器人的链接时，它不存储任何会话，并且流量中断.我想要一个即使在iframe中也有助于维护会话的函数.

I am creating a conversational chatbot using django . And To maintain the flow of the chat in chatbot , i am using django sessions . But when i use the link of the chatbot in an iframe , it doesn't store any of the session and flow breaks down. I want a function that will help to maintain the sessions even in the iframe.

用于iframe

<html>
<head></head>
<body>
<embed style=" width: 384px; height: 525px; margin-right: 0px !important; bottom: 0px; float: right; position: absolute; bottom: 30px; width: 100%;" frameborder="0" scrolling="no" id="iframe" src="http://*********.com/********/*******.html">


</body>
</html>

用于维护会话的代码

@staticmethod
    def extract_data(request, input_data):
        from chat import validations
        if 'city' not in request.session:
            response_data = {'extra': {}, 'data': {}}
            response_data['extra']['statement'] = 'Select Car Model which you like to rent?'
            response_data['extra']['type'] = 'carmodel'
            response_data['data'] = Cars.city_check(request,response_data, input_data)

        elif 'veh_name' not in request.session:

            response_data = Cars.veh_name_check(request, input_data)

        elif 'days' not in request.session:
            response_data = validations.days_check(request, input_data)

        elif 'phone' not in request.session:
            response_data = validations.phone_check(request, input_data)

        elif 'email' not in request.session:

            response_data = validations.mail_check(request, input_data)

        elif 'name' not in request.session:
            response_data = validations.name_check(request, input_data, 'Car')

        return response_data

推荐答案

与django无关.当前，浏览器对于使框架/嵌入式设备访问Cookie充满偏执，即使它们是cookie的来源.此外，许多用户还会阻止第三方cookie(通常包括框架cookie)或所有cookie.您可以将会话ID嵌入到框架源中，如此答案建议，并生成会话ID(完全随机或来自Cookie))，方法是使用django模板或包含框架的页面上的客户端javascript .

This has little to do with django. Browsers are currently paranoid about giving frames/embeds access to cookies, even when they are the source of the cookie. In addition, many users block third-party cookies (which usually includes frame cookies), or all cookies. You could embed a session id in the frame source, as this answer suggests, with the session id generated (either completely random or from cookie) by django template or client-side javascript on the page that contains the frame which might have access to the cookie.

您可能还需要考虑完全放弃嵌入/框架，而采用django include块，该块将聊天内容窗口作为div或类似内容插入包含页面，因此可以更好地访问cookie或其他会话变量.在这种情况下，我将javascript和html分开，并将js脚本标签放在头部.

You may also want to look into dropping the embed/frame entirely in favor of a django include block, which inserts the chat content window into the containing page as a div or similar, therefor giving greater access to cookies or other session variables. In this case I'd separate the javascript from the html and put the js script tag in the head.

作为最后一击，您可以使用客户端的公共ip和用户代理以及包含页面的URI(对于模板)的组合来替换对cookie的依赖.

As a last-ditch shot, you could replace the dependency on cookies with a combination of the client's public ip and user-agent, and maybe the containing-pages URI (in the case of a template).

编辑关于安全性:(在@EthanKeller发表评论之后)

Edit With regard to security: (after a comment by @EthanKeller)

浏览器试图保护框架免受主要内容的侵害，反之亦然.这全都取决于它是否包含任何敏感信息.如果是这样，那么我建议通过将框架放在其自己的窗口/选项卡中来分离它们，可能通过弹出调用.但是，对于聊天机器人，我怀疑是否有这么敏感的东西.经销商的选择.

Browsers try to protect frames from main content and vice versa. It all depends on rather either contains any sensitive info. If so, then I suggest separating them by putting the frame in it's own window/tab, potentially via popup call. In the case of a chatbot, however, I doubt there is anything all that sensitive. Dealer's choice.

这篇关于django会话不在iframe中维护的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！