我正在使用flask-login https://github.com/maxcountryman/flask-login,并且在login_user中记住的字段似乎不起作用。
每次重新启动apache后会话都会被销毁。最后,remember字段应该处理这个..甚至会话值都会被破坏。这真是令人沮丧......任何人都知道解决方案请ping ...谢谢 我使用login_user作为
login_user(user, remember=True)
答案 0 :(得分:3)
如果有人遇到此问题,您必须正确编写 user_loader 功能。
@login_manager.user_loader
def load_user(id):
return "get the user properly and create the usermixin object"
答案 1 :(得分:1)
你必须在用户mixen和user_loader中设置get_auth_token
class User(UserMixin):
def get_auth_token(self):
"""
Encode a secure token for cookie
"""
data = [str(self.id), self.password]
return login_serializer.dumps(data)
和
@login_manager.token_loader
def load_token(token):
"""
Flask-Login token_loader callback.
The token_loader function asks this function to take the token that was
stored on the users computer process it to check if its valid and then
return a User Object if its valid or None if its not valid.
"""
#The Token itself was generated by User.get_auth_token. So it is up to
#us to known the format of the token data itself.
#The Token was encrypted using itsdangerous.URLSafeTimedSerializer which
#allows us to have a max_age on the token itself. When the cookie is stored
#on the users computer it also has a exipry date, but could be changed by
#the user, so this feature allows us to enforce the exipry date of the token
#server side and not rely on the users cookie to exipre.
max_age = app.config["REMEMBER_COOKIE_DURATION"].total_seconds()
#Decrypt the Security Token, data = [username, hashpass]
data = login_serializer.loads(token, max_age=max_age)
#Find the User
user = User.get(data[0])
#Check Password and return user or None
if user and data[1] == user.password:
return user
return None
这两种方法都使用模块itsdangerous来加密记住我的cookie
from itsdangerous import URLSafeTimedSerializer
我写了一篇关于我是如何做到的博客文章 Flask-Login Auth Tokens
答案 2 :(得分:0)
我遇到了这个问题,但这是因为我们在启动时将Flask.secret_key设置为新的GUID。我们将其移至配置文件(每个环境的唯一ID),现在会话保持不变。