在龙卷风中处理用户会话的标准方法 [英] standard way to handle user session in tornado
问题描述
所以,为了避免没有最佳答案"的问题,我要问的不是最好的方法,而是使用 Tornado 框架时处理会话的标准或最常见的方法.也就是说,如果我们不使用 3rd 方身份验证(OAuth 等),而是希望在浏览器中拥有自己的带有安全 cookie 的用户表,但大部分会话信息存储在服务器上,那么最常见的方法是什么?我见过一些人使用 Redis,一些人使用他们的普通数据库(MySQL 或 Postgres 或其他),一些人使用 memcached.
So, in order to avoid the "no one best answer" problem, I'm going to ask, not for the best way, but the standard or most common way to handle sessions when using the Tornado framework. That is, if we're not using 3rd party authentication (OAuth, etc.), but rather we have want to have our own Users table with secure cookies in the browser but most of the session info stored on the server, what is the most common way of doing this? I have seen some people using Redis, some people using their normal database (MySQL or Postgres or whatever), some people using memcached.
我正在开发的应用程序不会同时拥有数百万甚至数千名用户.不过,它最终需要获得一些适度复杂的授权方案.我正在寻找的是确保我们不会做一些与一般 Tornado 社区不同的奇怪"的事情,因为身份验证和授权虽然是我们需要的东西,但并不是我们需要的东西我们产品的核心,因此不是我们应该让自己与众不同的地方.因此,我们正在寻找大多数人(使用 Tornado 的人)在这方面所做的事情,因此我认为这是一个具有(理论上)客观真实答案的问题.
The application I'm working on won't have millions of users at a time, or probably even thousands. It will need to eventually get some moderately complex authorization scheme, though. What I'm looking for is to make sure we don't do something "weird" that goes down a different path than the general Tornado community, since authentication and authorization, while it is something we need, isn't something that is at the core of our product and so isn't where we should be differentiating ourselves. So, we're looking for what most people (who use Tornado) are doing in this respect, hence I think it's a question with (in theory) an objectively true answer.
当然,理想的答案应该是示例代码.
The ideal answer would point to example code, of course.
推荐答案
Tornado 被设计为无状态并且没有开箱即用的会话支持.
Tornado designed to be stateless and don't have session support out of the box.
使用安全 cookie 来存储用户 ID 等敏感信息.使用标准 cookie 来存储非关键信息.
Use secure cookies to store sensitive information like user_id. Use standard cookies to store not critical information.
用于存储大对象 - 使用标准方案 - MySQL + memcache.
For storing large objects - use standard scheme - MySQL + memcache.
这篇关于在龙卷风中处理用户会话的标准方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
