Tornado get_secure_cookie()间歇性地返回值

时间:2015-02-24 21:08:48

标签: python-2.7 session-cookies tornado

在龙卷风中使用get_secure_cookie()重定向时遇到问题。

似乎多次调用get_current_user()方法,并通过self.get_secure_cookie("userid")间歇性地查找数据。

以下代码让我在登录后访问受保护的页面,但无法正确重定向:

class BaseHandler(tornado.web.RequestHandler):
    def get_current_user(self):
        username, self._user_perms = database.get_user_info(int(self.get_secure_cookie("userid") or 0))
        log.warning("WE HAVE A USERID %r and username: %r", self.get_secure_cookie("userid"), username)
        if self._user_perms: return username # If perms==0, the user has been banned, and should be treated as not-logged-in.

在输出日志中:

2015-02-24 14:37:36,399:WARNING:__main__:WE HAVE A USERID None and username: None
2015-02-24 14:37:36,412:WARNING:__main__:WE HAVE A USERID None and username: None
2015-02-24 14:37:36,412:WARNING:__main__:WE GO:  u'/submit' AS None
2015-02-24 14:37:36,413:WARNING:__main__:WE HAVE A USERID None and username: None
2015-02-24 14:37:36,425:WARNING:__main__:WE HAVE A USERID None and username: None
2015-02-24 14:37:38,723:WARNING:__main__:WE HAVE A USERID '2' and username: u'My Name'

登录类如下:

class Login(BaseHandler):
    def get(self):
        form = UserForm()
        username = self.get_current_user()
        if self.get_current_user():
            self.redirect(self.get_argument('next', '/')) # Change this line
            return
        else:
            self.write(templates.load("login.html").generate(compiled=compiled, form=form, \
                                errormessage=errormessage, user_name=self.current_user))

    def post(self):
        form = UserForm(self.request.arguments)
        if form.validate():
            user_id = database.verify_user(self.get_argument('email'),\
                                self.get_argument('password'))
            if user_id:
                user_name, perms = database.get_user_info(user_id)
                if perms: self.set_secure_cookie("userid", str(user_id)) 
                self.redirect(self.get_argument("next", "/"))
            else:
                notice = "LOGIN FAILED. PLEASE TRY AGAIN."
                self.write(templates.load("login.html").generate(compiled=compiled, form=form, \
                                        notice=notice, user_name=self.current_user ))
        else:
            self.set_status(400)
            self.write(form.errors)

我想也许这需要花费一些时间才能使secure_cookie变得可访问并尝试使用相同(慢得多)的结果抛出time.sleep(2)

我还没有看到什么?

更新:

如下所述,最终做的诀窍是:

templates/login.html

<input type="hidden" name="next" value="{{ next }}" />

tornado app

#within the Login(BaseHandler) class
self.write(templates.load("login.html").generate(compiled=compiled, form=form, next=self.get_argument('next', "/"),
                        errormessage=errormessage, user_name=self.current_user, notice=notice ))

1 个答案:

答案 0 :(得分:1)

看起来'next'参数没有通过表单传递。您需要将其传递给login.html表单,然后将其传回,例如使用隐藏的输入元素。然后它将在POST端点中可用。

相关问题
最新问题