在Tornado登出不起作用

时间:2013-04-24 11:07:08

标签: python logging cookies tornado

我在Tornado中编写了登录和注销处理程序,用于登录Google外部服务。

处理程序如下:

###############################################################################
# Manage login requests using Google authentication
###############################################################################
class AuthLoginHandler(BaseHandler, tornado.auth.GoogleMixin):
    @tornado.web.asynchronous
    def get(self):
        if self.get_argument("openid.mode", None):
            self.get_authenticated_user(self.async_callback(self._on_auth))
            return
        self.authenticate_redirect()

    # Authentication-OK callback.
    # Save user info on the first connection.
    # Only save a last-login timestamp otherwise.
    def _on_auth(self, user):
        if not user:
            raise tornado.web.HTTPError(500, "Google auth failed")

        str_time = datetime.datetime.now().isoformat()

        usr = self.db.get("SELECT * FROM users WHERE email=%s", user["email"])
        if not usr:
            # Create user entry in the WSN-database
            self.lock_tables("write", ['users'])
            usr_id = self.db.execute("INSERT INTO users (email, name, last_access) \
                                                  VALUES (%s,%s,%s)",
                                                  user["email"], user["name"], str_time)
            self.unlock_tables()
        else: 
            self.lock_tables("write", ['users'])
            usr_id = usr["id"]
            self.db.execute("UPDATE users SET last_access=%s WHERE id=%s",
                            str_time, usr_id)
            self.unlock_tables()

        self.set_secure_cookie("user", str(usr_id))
    self.info("Hello <b>" + user["name"] + "</b>!")
        self.redirect(self.get_argument("next", "/"))

    # Do not log Login info
    def _log(self):
        pass

################################################################################
# Logout handler. Simply clear the "user" cookie and redirect to homepage.
################################################################################
class AuthLogoutHandler(BaseHandler, tornado.auth.GoogleMixin):
    def get(self):
        self.clear_cookie("user")
    self.notice("You have successfully logged out")
        self.redirect("/")

我想,当用户退出时,点击他没有登录的浏览器的后退按钮。换句话说,我会认为后退按钮不起作用...相反,如果我退出用户,如果他点击后退按钮,他可以在网页中导航,就像他总是登录一样..

有什么建议吗?谢谢。

1 个答案:

答案 0 :(得分:1)

我认为通过后退按钮导航到的页面位于浏览器的缓存中。尝试键入F5重新加载页面,看看用户是否仍然登录。