会话在dart [英] Sessions in dart
问题描述
通常,dart文档有几个任何主题的很多有用的例子。很遗憾,我在dart的会话中找不到任何东西。
任何人都可以将此方法验证为正确的会话方式:
- 浏览器向服务器发送GET请求。
- 服务器使用网络客户端进行响应。
-
a)服务器检查凭据并生成会话Cookie。 - 网络客户端发送请求
- 用户打开浏览器A,访问过您的网站
- 使用浏览器A中的多个标签在浏览器中点击各种链接
- 将浏览器闲置45分钟
- 打开浏览器B,访问过您的网站
- 在浏览器B中关闭了您网站的标签
- 浏览器B中的另一个新标签页并点击书签到
访问您的网站 - 新会话已创建...让我们说JSESSIONID 10203940595940 $ b $
- 服务器上的会话已过期,并且可能在服务器上释放了一些内存。
- 由于Java无法找到与JSESSIONID 10203940595940匹配的会话,它创建一个新会话并要求客户端记住新的JSESSIONID。
- 来自新浏览器的请求被视为新会话,因为JSESSIONID合同在单个浏览器和服务器之间。因此,服务器分配一个新的JSESSIONID(如956879874358734)
- JSESSIONID在浏览器中挂起,直到浏览器退出。关闭标签页并不清除JSESSIONID
- 浏览器仍在使用JSESSIONID,如果时间不够长,服务器仍会挂起该会话。
- 一个会话只是一个HashMap,它将JSESSIONID与另一个
一组属性进行映射。 - 会话和
在
会话过期后从内存中删除JSESSIONID和映射的属性。 - 通常,有一些应用程序获得事件的规定$ b $
- 用户的浏览器A向服务器发送请求。服务器通过名称JSESSIONID检查是否有
Cookie。如果没有找到,则在
服务器上创建一个。服务器记下新的JSESSIONID,创建的
时间和最后的请求时间,这与
中的创建时间相同。在HTTP响应中,服务器将新的
JSESSIONID附加为Cookie。 - 浏览器旨在为后续访问
持续附加Cookie到同一网站。因此,对于网站的所有后续访问,
浏览器继续将JSESSIONID cookie附加到HTTP请求
头。 - 因此,此时服务器会看到JSESSIONID,并且能够将
请求映射到现有会话,以防会话尚未使
过期。如果会话已经过期,服务器将
创建一个新的会话,并将新的JSESSIONID附加为HTTP响应中的cookie
。 - Browser sends GET request to sever.
- Server responds with web-client.
- Web-client sends user credentials.
- a) Server checks credentials and generates session cookie. b) Server sends session cookie back to client.
- Web-client stores cookie for further use.
- Web-client sends request for some user specific data, and attaches the cookie for verification.
- A user opened a browser A, visited your site
- Kept clicking around various links using multiple tabs in browser A
- Left the browser idle for 45 minutes
- Continued clicking on the pages that he left open
- Opened browser B, visited your site
- Closed the tab for your website in browser B
- Opened another new tab in browser B and clicked on a bookmark to visit your site
- New session created... let us say JSESSIONID 10203940595940
- Same session applies for all requests from all tabs
- Session expired on the server, and probably some memory was freed on server
- Since Java is not able to locate a session matching JSESSIONID 10203940595940, it creates a new session and asks client to remember new JSESSIONID w349374598457
- Requests from new browser are treated as new sessions because the JSESSIONID contract is between a single browser and the server. So, server assigns a new JSESSIONID like 956879874358734
- JSESSIONID hangs around in the browser till browser is exited. Closing a tab doesnt clear the JSESSIONID
- JSESSIONID is still used by browser, and if not much time elapsed, server would still be hanging on to that session. So, the sesison will continue.
- A session is just a HashMap which maps JSESSIONIDs with another a bunch of attributes.
- There is a thread monitoring elapsed time for the sessions, and removing JSESSIONIDs and the mapped attributes from memory once a session expires.
- Usually, there is some provision for applications to get an event alert just when a session becomes ready for expiry.
- User's browser A sends a request to server. Server checks if there is a Cookie by name JSESSIONID. If none is found, one is created on the server. The server makes a note of the new JSESSIONID, the created time, and the last request time which is the same as created time in this case. In the HTTP response, the server attaches the new JSESSIONID as a cookie.
- Browsers are designed to keep attaching cookies for subsequent visits to the same site. So, for all subsequent visits to the site, the browser keeps attaching the JSESSIONID cookie to the HTTP request header.
- So, this time the server sees the JSESSIONID and is able to map the request to the existing session, in case the session has not yet expired. In case the session had already expired, the server would create a new session and attach back the new JSESSIONID as a cookie in HTTP response.
b
我特别感兴趣的是第4,5和6点,因为其他的有详细记录。
编辑:
阅读完GünterZöchbauer下面的评论后,我调查了shelf_auth。我意识到,它需要重写服务器应用程序使用shelf。
所以我这样做了。
main.dart:
//导入所有必需的库
main(){
runServer();
}
/ **
*处理Http请求的代码
* /
runServer(){
var staticHandler = createStaticHandler(rC:\Users\Lukasz\dart\auctionProject\web,defaultDocument:'auctionproject.html');
var handler = new Cascade()
.add(staticHandler)//服务web客户端
.add(routes.handler)//服务web客户端请求的内容
.handler;
io.serve(handler,InternetAddress.LOOPBACK_IP_V4,8080).then((server){
print('Listening on port 8080');
})catchError((error)= > print(error));
}
routes.dart
import'handlers.dart'as handler;
import'package:shelf_route / shelf_route.dart';
import'package:shelf_auth / shelf_auth.dart'as sAuth;
路由器路由= new Router()
..get('/ anonymous',handler.handleAnonymousRequest);
//..post('/login',handler.handleLoginRequest); <<这需要实现
//其他路径将在以后
handlers.dart
import'dart:async';
import'dart:convert';
import'dart:io'show HttpHeaders;
import'databaseUtility.dart';
import'package:shelf_exception_response / exception.dart';
import'package:shelf / shelf.dart'as shelf;
import'package:shelf_path / shelf_path.dart';
shelf.Response handleAnonymousRequest(shelf.Request request){
return new shelf.Response.ok('got anonymous get request');不幸的是,在阅读了}
$ b < .org / packages / shelf_auth> shelf_auth 文档我还是不知道在哪里添加身份验证。
我将用Java中的servlet来描述会话如何工作
em>。这可以帮助您使实施工作。首先,我必须提及,会话和认证是两个单独的功能,虽然后者取决于前者。会话可帮助服务器了解来自同一浏览器的连续请求,而不会在两者之间产生大的空闲时间。请查看以下示例:
这里是对服务器 -
服务器端的会话使用:
实施详情:
认证机制只是利用上述会话处理来检测新会话并将它们转移到登录页面。此外,现有会话可用于存储诸如auth-status - pass或fail的属性。
Usually the dart documentation has a lot of useful examples on almost any topic. Unfortunately I could not find anything on sessions in dart.
Could anyone validate this approach as a correct way to do sessions:
My special interest lies in points 4, 5 and 6, since the others are well documented. If you could share some code snippets on this points, I would very much appreciate it.
EDIT: After reading the comment from Günter Zöchbauer below I looked into shelf_auth. I realized that it requires rewriting the server app to use shelf. So I did that.
The main.dart:
// imports of all necessary libraries
main() {
runServer();
}
/**
* Code to handle Http Requests
*/
runServer() {
var staticHandler = createStaticHandler(r"C:\Users\Lukasz\dart\auctionProject\web", defaultDocument: 'auctionproject.html');
var handler = new Cascade()
.add(staticHandler) // serves web-client
.add(routes.handler) // serves content requested by web-client
.handler;
io.serve(handler, InternetAddress.LOOPBACK_IP_V4, 8080).then((server) {
print('Listening on port 8080');
}).catchError((error) => print(error));
}
The routes.dart
import 'handlers.dart' as handler;
import 'package:shelf_route/shelf_route.dart';
import 'package:shelf_auth/shelf_auth.dart' as sAuth;
Router routes = new Router()
..get('/anonymous', handler.handleAnonymousRequest);
//..post('/login', handler.handleLoginRequest); << this needs to be implemented
//other routs will come later
The handlers.dart
import 'dart:async';
import 'dart:convert';
import 'dart:io' show HttpHeaders;
import 'databaseUtility.dart';
import 'package:shelf_exception_response/exception.dart';
import 'package:shelf/shelf.dart' as shelf;
import 'package:shelf_path/shelf_path.dart';
shelf.Response handleAnonymousRequest(shelf.Request request) {
return new shelf.Response.ok('got anonymous get request');
}
Unfortunately after reading the shelf_auth documentation I still don't quite know where to add the authentication. They use the Pipline syntax for the handler.
I'll describe how session works in Java with servlets. This could help you in making your implementation work. First off, I have to mention that session and authentication are two separate functions, although the latter depends on the former.
A session helps the server understand consecutive requests coming from the same browser without a big idle time in between. Take a look at the below example:
Here is the impact on the server-side session for the above steps of the user:
Session use on the server-side:
Implementation details:
Authentication mechanisms just make use of the above session handling to detect "new sessions" and divert them to the login page. Also, existing sessions could be used to store attributes such as "auth-status" - "pass" or "fail".
这篇关于会话在dart的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
