请帮帮忙。我是 Pyramid 的新手。根据 Pyramid 文档中关于 AuthTktAuthenticationPolicy 的说明,开发人员说我们可以设置在用户不活动时自动过期的 cookie——很棒。但它对我不起作用。文档说需要使用 reissue_time 参数并将其与 timeout 配对:如果 timeout 例如设置为 1200,那么 reissue_time 应为 timeout / 10 = 120,即 2 分钟。据我理解,这样用户不活动 2 分钟后就会被自动注销。但是当我尝试重新加载页面时,令牌或会话并没有过期。
#myapp/__init__.py
from pyramid.config import Configurator
from sqlalchemy import engine_from_config
from myapp.models import initialize_sql
from myapp import views
from pyramid.authentication import AuthTktAuthenticationPolicy
from pyramid.authorization import ACLAuthorizationPolicy
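def main(global_config, **settings):
    """Build and return the Pyramid WSGI application.

    Args:
        global_config: Loader-supplied global configuration. Unused by this
            function.
        **settings: Deployment settings. ``auth.secret`` (if present) is used
            as the auth_tkt signing secret, and the ``sqlalchemy.*`` keys are
            passed to ``engine_from_config``.

    Returns:
        The WSGI application produced by ``Configurator.make_wsgi_app()``.
    """
    # The auth_tkt cookie is signed with this secret, so anyone who knows it
    # can produce a cookie the policy accepts. Take it from the deployment
    # settings instead of the source tree. The literal fallback only keeps
    # this sample working when the setting is absent and must be replaced by
    # a long random value in any real deployment.
    secret = settings.get('auth.secret', 'secret')

    # timeout: a ticket older than 1200 s (20 min) is rejected.
    # reissue_time: a fresh ticket is issued at most once every 120 s, and
    # each reissue restarts the 1200 s window. The idle logout therefore
    # happens after about 20 minutes, not 2.
    # NOTE(review): the policy's `secure` and `http_only` options are left at
    # their defaults here; consider enabling them when the site is served
    # over TLS only.
    authentication_policy = AuthTktAuthenticationPolicy(
        secret=secret,
        hashalg='sha512',
        timeout=1200,
        reissue_time=120,
    )
    authorization_policy = ACLAuthorizationPolicy()

    config = Configurator(
        settings=settings,
        root_factory='myapp.factory.RootFactory',
    )
    config.include('pyramid_jinja2')
    #config.add_jinja2_renderer('.html', settings_prefix='jinja2.')
    config.add_static_view('static', 'static', cache_max_age=3600)
    config.scan('myapp.models')
    config.set_authentication_policy(authentication_policy)
    config.set_authorization_policy(authorization_policy)

    engine = engine_from_config(settings, 'sqlalchemy.')
    initialize_sql(engine)
    views.routes(config)
    return config.make_wsgi_app()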
#factory/rootfactory.py
from pyramid.security import (
Allow,
Authenticated,
)
class RootFactory(object):
    """Root resource used for ACL-based authorization.

    The ACL grants the ``'view'`` permission to every authenticated
    principal and grants nothing to anyone else.
    """

    # Single ACE: any authenticated user may 'view'.
    __acl__ = [
        (Allow, Authenticated, 'view'),
    ]

    def __init__(self, request):
        """Accept the request Pyramid passes in; nothing is stored."""
#views/__init__.py
def routes(config):
    """Register the application's routes and scan ``myapp`` for views.

    Args:
        config: The configurator object; only its ``add_route`` and ``scan``
            methods are used.
    """
    # Registration order is kept: home, login, logout.
    route_table = (
        ('home', '/'),
        ('login', '/login'),
        ('logout', '/logout'),
    )
    for route_name, pattern in route_table:
        config.add_route(route_name, pattern)
    config.scan('myapp')
#views/auth.py
from pyramid.response import Response
from pyramid.security import remember, forget, authenticated_userid
from pyramid.httpexceptions import HTTPFound, HTTPForbidden
from pyramid.view import view_config, forbidden_view_config
from sqlalchemy.exc import DBAPIError
from ..models import DBSession
from ..models.user import User
from ..forms.login import LoginForm
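def _is_local_redirect(target, application_url):
    """Return True when *target* keeps the browser on this application."""
    # Backslashes and control characters are rejected because browsers may
    # normalise them into a scheme-relative URL pointing at another host.
    if not target or '\\' in target or any(ord(ch) < 0x20 for ch in target):
        return False
    if target.startswith('/'):
        # '//host/...' is scheme-relative, i.e. another origin.
        return not target.startswith('//')
    return target == application_url or target.startswith(application_url + '/')


@view_config(route_name='login', renderer='myapp:templates/login.jinja2')
@forbidden_view_config(renderer='myapp:templates/login.jinja2')
def login_view(request):
    """Render the login form and authenticate the posted credentials.

    Also registered as the forbidden view, so a request that lacks a
    required permission is shown this form.

    Args:
        request: The current Pyramid request.

    Returns:
        ``HTTPFound`` to the application root when the caller is already
        authenticated, ``HTTPFound`` to the post-login target (carrying the
        auth_tkt headers from ``remember``) on a successful login, otherwise
        a dict with the form for the template.
    """
    if request.authenticated_userid:
        return HTTPFound(location=request.application_url)

    # 'next' is caller-controlled. Only follow it when it stays on this
    # application; otherwise a crafted login link could send the user to an
    # arbitrary site right after authenticating.
    next_url = request.params.get('next')
    if not _is_local_redirect(next_url, request.application_url):
        next_url = request.route_url('home')

    login_form = LoginForm(request.POST)
    if request.method == 'POST' and login_form.validate():
        # Read the credentials from the same POST body the form validated,
        # not from request.params, which also includes the query string.
        login = request.POST.get('login', '')
        password = request.POST.get('password', '')
        user = User.by_login(login)
        if user and user.validate_password(password):
            headers = remember(request, login)
            return HTTPFound(location=next_url, headers=headers)
    return {'form': login_form}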
@view_config(
    route_name='logout',
    renderer='myapp:templates/logout.jinja2',
)
def logout_view(request):
    """Drop the authentication cookie and redirect to the login page.

    The view always returns a redirect, so the configured renderer is never
    invoked.
    """
    # NOTE(review): no request_method is set on this view, so it presumably
    # answers GET as well; consider requiring POST with a CSRF check so a
    # third-party page cannot log users out.
    # Keyword order keeps forget() evaluated before route_url().
    return HTTPFound(
        headers=forget(request),
        location=request.route_url('login'),
    )
#views/home.py
from pyramid.security import authenticated_userid
from pyramid.httpexceptions import HTTPForbidden
from pyramid.response import Response
from pyramid.view import view_config
from sqlalchemy.exc import DBAPIError
from ..models import DBSession
from ..models.user import User
@view_config(
    route_name='home',
    permission='view',
    renderer='myapp:templates/base.jinja2',
)
def home_view(request):
    """Return a plain ``Ok`` response for the home route.

    The view is guarded by the ``'view'`` permission, which
    ``RootFactory.__acl__`` grants to authenticated users only.
    """
    body = 'Ok'
    return Response(body)
答案 0 :(得分:0)
您的会话在 1200 秒(即 20 分钟)后注销。您最多每 120 秒(即 2 分钟)获发一个新的 cookie。
换句话说,reissue_time 仅限制签发新令牌的频率。如果用户非常频繁地访问服务器,每次请求都签发新令牌的开销会很大。因此,只有当旧令牌的存在时间至少达到 reissue_time 秒时才会签发新令牌。新令牌的 timeout 秒计时随即重新开始,因此每次重新签发都会延长会话时间。
仅当用户携带签发时间已超过 timeout 秒的 cookie 访问服务器时,会话才会失效。因此,若希望用户不活动 2 分钟后自动注销,应将 timeout 设为 120,并将 reissue_time 设为更小的值(例如 12)。