Flask learning and project practice 8: introduction and use of cookies and sessions
2022-07-06 03:36:00 【Study notes of Zhou】
1. Introduction to cookies
cookie: On the early web, HTTP requests were stateless. That is, even after a user has connected to the server and logged in successfully, on the second request the server still does not know which user the request comes from. Cookies solve this problem. After the first login, the server returns some data (the cookie) to the browser, and the browser saves it locally. When the user sends a second request, the browser automatically sends the cookie data stored from the previous request along to the server, and the server can determine the current user from the data the browser carries. The amount of data a cookie can store is limited. Different browsers have different storage sizes, but not more than 4KB, so cookies can only hold a small amount of data.
2. Introduction to sessions
session: A session works a little like a cookie: both store user-related information. The difference is that a cookie is stored locally in the browser, whereas a session is an idea, a concept: a solution in which the server stores authorization information. Different servers, frameworks and languages implement it differently. Although the implementations differ, their purpose is the same: to make it convenient for the server to store data. Sessions appeared to solve the problem of cookies storing data insecurely.
3. Why have sessions when there are already cookies?
Because cookies are not safe: the data is simply stored in the browser, which makes it prone to security problems, and so sessions appeared. Cookies are easily attacked by hackers.
4. Using cookies and sessions together
Storing on the server: a session_id is stored in the cookie, and the actual data is stored in the session. If the user is already logged in, the server saves a session_id in the cookie. On the next request the browser sends the session_id along, and the server uses it to look up the user's session data. This tells the server who the user is, along with any state information saved earlier. The technical term for this is a server-side session. Data stored on the server is more secure and is not easily stolen or attacked. Storing on the server does have a drawback: it takes up server resources. But servers have developed to the point where storing some session information is well within their capacity.
Flask's way: the session data is encrypted and then stored in the cookie. The technical term for this is a client-side session. This is how Flask works, but it can also be replaced with other forms.
5. Working with cookies and sessions in Flask
To set a cookie, the Response object has to be imported. The cookie's properties can then be set on the response object.


After that, the value can be found in the cookies.

Getting a cookie (note that request has to be imported first),
for example: from flask import Flask, Response, request, session
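The set and get steps described above, as an added example (the original post's own code is not present on the page). The route names, the cookie name `username` and its value are assumptions; `max_age`, `httponly`, `samesite` and `secure` are parameters of Flask's `set_cookie`.

```python
from flask import Flask, Response, request

app = Flask(__name__)


@app.route("/set")
def set_user_cookie():
    resp = Response("cookie set")
    # The cookie and its attributes are set on the response object.
    resp.set_cookie(
        "username", "zhou",  # constructed sample name and value
        max_age=3600,        # expire after one hour
        httponly=True,       # not readable from page JavaScript
        samesite="Lax",      # left out of most cross-site requests
        secure=True,         # only sent over HTTPS
    )
    return resp


@app.route("/get")
def get_user_cookie():
    # request.cookies holds whatever the browser sent back; treat it as
    # untrusted input, because the user can edit a plain cookie freely.
    return request.cookies.get("username", "no cookie")


def demo():
    # use_cookies=False: the Cookie header is passed by hand below, so the
    # request side of the exchange is visible in the code.
    client = app.test_client(use_cookies=False)
    set_header = client.get("/set").headers["Set-Cookie"]
    sent_back = client.get("/get", headers={"Cookie": "username=zhou"})
    nothing_sent = client.get("/get")
    return (
        set_header,
        sent_back.get_data(as_text=True),
        nothing_sent.get_data(as_text=True),
    )


if __name__ == "__main__":
    for part in demo():
        print(part)
```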
Before setting the session, the session's secret key has to be configured.
It is set as follows: app.config['SECRET_KEY'] = '123xxx'
After that, the session can be set.
In Flask, the session first encrypts the data (as an ordinary string), then uses session_id as the key and stores it in the cookie.
Because the session is encrypted before it is stored in the cookie, sensitive information is put in the session.

Getting the session:
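Setting and getting the session, as an added example (not the original post's code). In Flask's default cookie-based session the data is signed with SECRET_KEY rather than hidden, so the example also shows that the cookie's payload can be decoded without the key while an altered payload is rejected. The route names and sample username are assumptions.

```python
import base64
import json
import os

from flask import Flask, session

app = Flask(__name__)
# The signature is only as strong as this key: use a long random value
# in place of a short literal such as the page's '123xxx' placeholder.
app.config["SECRET_KEY"] = os.urandom(32)


@app.route("/login")
def login():
    session["username"] = "zhou"  # constructed sample value
    return "logged in"


@app.route("/whoami")
def whoami():
    return session.get("username", "anonymous")


def read_payload(cookie_value):
    """Decode the cookie's data part without knowing SECRET_KEY."""
    payload = cookie_value.split(".")[0]
    payload += "=" * (-len(payload) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def ask(client, cookie_value):
    headers = {"Cookie": "session=" + cookie_value}
    return client.get("/whoami", headers=headers).get_data(as_text=True)


def demo():
    client = app.test_client(use_cookies=False)
    set_cookie = client.get("/login").headers["Set-Cookie"]
    value = set_cookie.split(";")[0].split("=", 1)[1]
    # Same timestamp and signature, different data: the check must fail.
    edited = base64.urlsafe_b64encode(b'{"username":"other"}').rstrip(b"=")
    altered = ".".join([edited.decode()] + value.split(".")[1:])
    return read_payload(value), ask(client, value), ask(client, altered)


if __name__ == "__main__":
    print(demo())
```

Anything that must stay hidden from the user belongs on the server, with only an identifier in the cookie, as in the server-side session described in section 4.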

