def save_session(self, app, session, response): domain = self.get_cookie_domain(app) path = self.get_cookie_path(app) if not session: self.redis.delete(self.prefix + str(session.sid)) if session.modified: response.delete_cookie(app.session_cookie_name, domain=domain, path=path) return if not self.should_set_cookie(app, session): return redis_exp = self.get_redis_expiration_time(app, session) httponly = self.get_cookie_httponly(app) secure = self.get_cookie_secure(app) expires = self.get_expiration_time(app, session) val = self.serializer.dumps(dict(session)) cookie_val = self.get_signing_serializer(app).dumps(session.sid) self.redis.setex(self.prefix + str(session.sid), val, int(total_seconds(redis_exp))) response.set_cookie(app.session_cookie_name, cookie_val, expires=expires, httponly=httponly, domain=domain, path=path, secure=secure)
def open_session(self, app, request): s = self.get_signing_serializer(app) if s is None: return None val = request.cookies.get(app.session_cookie_name) header_cookie = request.headers.get("X-COOKIE-%s" % app.session_cookie_name.upper()) if not val and not header_cookie: return self.session_class() max_age = total_seconds(app.permanent_session_lifetime) session_data = dict() if val is not None: try: data = s.loads(val, max_age=max_age) session_data.update(data) except BadSignature: return self.session_class() if header_cookie is not None: try: data2 = s.loads(header_cookie, max_age=max_age) session_data.update(data2) except BadSignature: pass sc = self.session_class(session_data) return sc
def save_session(self, app, session, response): if self.cookie_domain is not None: domain = self.cookie_domain if self.cookie_domain else self.get_cookie_domain( app) else: domain = self.get_cookie_domain(app) path = self.cookie_path or self.get_cookie_path(app) store_id = self.key_prefix + session.get_sid(self.cookie_name) if PY2 and isinstance(store_id, unicode): store_id = store_id.encode('utf-8') if not session: if session.modified: try: self.client.delete(store_id) except Exception as e: log.error( f'Error while deleting session (session id: {store_id}): {e}' ) response.delete_cookie(self.cookie_name, domain=domain, path=path) return httponly = self.cookie_httponly or self.get_cookie_httponly(app) secure = self.cookie_secure or self.get_cookie_secure(app) expires = self.get_expiration_time(app, session) if session.modified: # The session was modified data = {'_permanent': session.is_permanent(self.cookie_name)} data.update(dict(session)) val = self.serializer.dumps(data) try: log.debug('Setting document to db') self.client.set( store_id, val, self._get_memcache_timeout(total_seconds(expires))) except Exception as e: log.error( f'Error while updating session (session id: {store_id}): {e}' ) if self.use_signer: session_id = self._get_signer(app).sign( want_bytes(session.get_sid(self.cookie_name))) else: session_id = session.get_sid(self.cookie_name) cookie_expires = self.get_cookie_expiration_time(app, session) response.set_cookie(self.cookie_name, session_id, expires=cookie_expires, httponly=httponly, domain=domain, path=path, secure=secure)
def open_session(self, app, request): s = self.get_signing_serializer(app) if s is None: return None val = request.cookies.get(app.session_cookie_name) if not val: return self.session_class() max_age = total_seconds(app.permanent_session_lifetime) try: data = s.loads(val, max_age=max_age) return self.session_class(data) except BadSignature: return self.session_class()
def save_session(self, app, session, response): if self.cookie_domain is not None: domain = self.cookie_domain if self.cookie_domain else self.get_cookie_domain( app) else: domain = self.get_cookie_domain(app) path = self.cookie_path or self.get_cookie_path(app) if not session: if session.modified: self._delete_session_from_store( self.key_prefix + session.get_sid(self.cookie_name)) response.delete_cookie(self.cookie_name, domain=domain, path=path) return httponly = self.cookie_httponly or self.get_cookie_httponly(app) secure = self.cookie_secure or self.get_cookie_secure(app) expires = self.get_expiration_time(app, session) if session.modified: # The session was modified store_id = self.key_prefix + session.get_sid(self.cookie_name) data = {'_permanent': session.is_permanent(self.cookie_name)} data.update(dict(session)) val = self.serializer.dumps(data) try: self.client.setex(name=store_id, value=val, time=total_seconds(expires)) except Exception as e: log.error( 'Error while updating session (session id: {}): {}'.format( store_id, str(e))) if self.use_signer: session_id = self._get_signer(app).sign( want_bytes(session.get_sid(self.cookie_name))) else: session_id = session.get_sid(self.cookie_name) cookie_expires = self.get_cookie_expiration_time(app, session) response.set_cookie(self.cookie_name, session_id, expires=cookie_expires, httponly=httponly, domain=domain, path=path, secure=secure)
def load_request(request): user = None header_name = current_app.config.get('AUTH_HEADER_NAME', AUTH_HEADER_NAME) if header_name in request.headers: token = request.headers.get(header_name) header, payload = token.split(" ", 1) if header != "flasky_token": return None max_age = total_seconds(current_app.permanent_session_lifetime) session_interface = current_app.session_interface data = session_interface.get_signing_serializer(current_app).loads( payload, max_age=max_age) _logger.debug("token is: {token}, data is {data}".format(token=token, data=data)) has_user_id = 'user_id' in data if has_user_id: return user_service.get_user(data.get('user_id')) return user
def open_session(self, app, request): db = BlogModel.get_db() sid = request.cookies.get(app.session_cookie_name) if not sid: return self.session_class({'sid': self.gen_sid(app)}) if sid == app.secret_key: # admin return self.session_class({ 'sid': self.gen_sid(app), 'uid': 0, 'username': '******' }) max_age = total_seconds(app.permanent_session_lifetime) data = db.load_session(sid, max_age) if data is None: return self.session_class({'sid': self.gen_sid(app)}) return self.session_class(data)
def open_session(self, app, request): # 获取 session 的签名算法 没有 sk 会返回 None # get_signing_serializer 负责 cookie 到 session 的转化问题 s = self.get_signing_serializer(app) if s is None: return None # 从cookie 中获取 session 的变量值 val = request.cookies.get(app.session_cookie_name) # 如果 cookie 中没有,那么可能是一个新用户 if not val: return self.session_class() # 验证 cookie 中的数据是否被篡改 如果被修改了 会创建一个新Session max_age = total_seconds(app.permanent_session_lifetime) try: data = s.loads(val, max_age=max_age) return self.session_class(data) except BadSignature: return self.session_class()
def open_session(self, app, request): s = self.get_signing_serializer(app) if s is None: return None cookie_val = request.cookies.get(app.session_cookie_name) if cookie_val: max_age = total_seconds(app.permanent_session_lifetime) try: sid = s.loads(cookie_val, max_age=max_age) val = self.redis.get(self.prefix + str(sid)) if val is not None: data = self.serializer.loads(val) return self.session_class(data, sid=sid) else: sid = self.generate_sid() except BadSignature: sid = self.generate_sid() else: sid = self.generate_sid() return self.session_class(sid=sid, new=True)
def init_app(self, app): """Initalizes the application with the extension.""" self._session_interface = SecureCookieSessionInterface() self._signing_serializer = self._session_interface.get_signing_serializer(app) self._timestamp_signer = TimestampSigner( app.secret_key, key_derivation="hmac", salt="cookie-session" ) self._max_age = total_seconds(app.permanent_session_lifetime) cookie_cli = AppGroup( "cookie", help="Tools to inspect the Flask session cookie." ) app.cli.add_command(cookie_cli) @cookie_cli.command("decode") @click.argument("cookie") def decode(cookie): """Decode a flask session cookie""" decoded_cookie = self.decode_cookie(cookie) click.echo(decoded_cookie) app.extensions["flask_cookie_decode"] = self
def __init__(self, root, cache_timeout=0): self.root = root self.cache_timeout = total_seconds( app.config["SEND_FILE_MAX_AGE_DEFAULT"])