由于某些原因,登录后,每个POST请求都会更改Twisted会话cookie。为什么会这样?我希望会话uid在连接丢失或用户注销之前保持一致。
这是我的代码导致每个请求的会话不同:
from twisted.web.server import Site, http
from twisted.internet import reactor
from twisted.web.resource import Resource
import json
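class HttpResource(Resource):
    """Leaf resource served at the root path.

    GET returns a static page that frames an external GraphiQL instance;
    POST prints the uid of the session attached to the request.
    """

    isLeaf = True

    def _set_cors_headers(self, request):
        """Attach the permissive CORS headers that every handler sends."""
        # NOTE(review): a wildcard origin cannot be combined with credentialed
        # requests. Browsers only attach cookies to cross-origin XHR/fetch
        # calls when the caller opts in to credentials, and they reject a
        # credentialed response whose allowed origin is '*'. If the client is
        # a browser page on another origin, the session cookie would not be
        # sent back and each request would start a new session.
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')

    def render_OPTIONS(self, request):
        """Answer a CORS preflight with headers only and an empty body."""
        self._set_cors_headers(request)
        return ""

    def render_GET(self, request):
        """Return the static HTML page embedding the GraphiQL iframe."""
        self._set_cors_headers(request)
        return "<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"

    def render_POST(self, request):
        """Print the request's session uid and return an empty body."""
        self._set_cors_headers(request)
        # getSession() creates a session (and sets its cookie) when the
        # request carries no cookie for a known session.
        session_id = request.getSession().uid
        # NOTE(review): the session uid is what identifies the client on later
        # requests; printing it is fine for this demo but keep it out of real
        # logs.
        print("HttpResource session ID: {}".format(session_id))
        # Twisted expects a render method to return a byte string (or
        # NOT_DONE_YET); falling off the end returned None.
        return ""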
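class LoginResource(Resource):
    """Leaf resource for ``login``: checks a JSON username/password body.

    POST expects a JSON object with ``username`` and ``password`` keys.
    It answers 400 for a malformed body, 401 for wrong credentials and an
    empty 200 body when the credentials match.
    """

    isLeaf = True

    def _set_cors_headers(self, request):
        """Attach the permissive CORS headers that every handler sends."""
        # NOTE(review): a wildcard origin cannot be combined with credentialed
        # requests. Browsers only attach cookies to cross-origin XHR/fetch
        # calls when the caller opts in to credentials, and they reject a
        # credentialed response whose allowed origin is '*'. If the client is
        # a browser page on another origin, the session cookie would not be
        # sent back and each request would start a new session.
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')

    def render_OPTIONS(self, request):
        """Answer a CORS preflight with headers only and an empty body."""
        self._set_cors_headers(request)
        return ""

    def render_GET(self, request):
        """Return the static HTML page embedding the GraphiQL iframe."""
        self._set_cors_headers(request)
        return "<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"

    def render_POST(self, request):
        """Validate the posted credentials and report the session uid."""
        # NOTE(review): `log` is neither defined nor imported in the visible
        # snippet; confirm where it comes from.
        log("Login request")
        self._set_cors_headers(request)
        body = request.content.read()
        session_id = request.getSession().uid

        try:
            credentials = json.loads(body)
            username = credentials['username']
            password = credentials['password']
        except (ValueError, KeyError, TypeError):
            # Covers invalid JSON, a missing field and a JSON value that is
            # not an object. The original returned the exception object
            # itself, which is not a valid response body and would expose
            # parser details to the caller.
            request.setResponseCode(400)
            return "Invalid login request"

        # NOTE(review): hard-coded demo credentials compared with ==. A real
        # service should verify against stored password hashes and use a
        # constant-time comparison.
        if username == 'test' and password == 'test':
            # NOTE(review): the session obtained before authentication is
            # kept as-is after login. Real deployments normally issue a fresh
            # session once credentials are accepted, and keep session uids
            # out of logs.
            print("Login session ID: {}".format(session_id))
            # Return a body explicitly; falling off the end returned None.
            return ""

        request.setResponseCode(401)
        return "Invalid username or password"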
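class RefreshResource(Resource):
    """Leaf resource for ``refresh``: POST prints the request's session uid."""

    isLeaf = True

    def _set_cors_headers(self, request):
        """Attach the permissive CORS headers that every handler sends."""
        # NOTE(review): a wildcard origin cannot be combined with credentialed
        # requests. Browsers only attach cookies to cross-origin XHR/fetch
        # calls when the caller opts in to credentials, and they reject a
        # credentialed response whose allowed origin is '*'. If the client is
        # a browser page on another origin, the session cookie would not be
        # sent back and each request would start a new session.
        request.setHeader('Access-Control-Allow-Origin', '*')
        request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')

    def render_OPTIONS(self, request):
        """Answer a CORS preflight with headers only and an empty body."""
        self._set_cors_headers(request)
        return ""

    def render_GET(self, request):
        """Return the static HTML page embedding the GraphiQL iframe."""
        self._set_cors_headers(request)
        return "<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"

    def render_POST(self, request):
        """Print the request's session uid and return an empty body."""
        self._set_cors_headers(request)
        # NOTE(review): nothing here checks that the session belongs to a
        # logged-in user; any request reaches this handler and is given a
        # session.
        print("Refresh session ID: {}".format(request.getSession().uid))
        # Twisted expects a render method to return a byte string (or
        # NOT_DONE_YET); falling off the end returned None.
        return ""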
class HttpFactory(Site):
    """Site subclass that also carries a per-factory ``user_info`` dict."""

    def __init__(self, resource):
        """Initialise the factory state by hand for the given root resource."""
        # The HTTPFactory initialiser is called directly, so Site.__init__
        # itself never runs; the attributes below are assigned here instead.
        http.HTTPFactory.__init__(self)
        self.user_info = {}
        # NOTE(review): presumably the dict Site uses as its session store;
        # confirm against the installed Twisted version.
        self.sessions = {}
        self.resource = resource
if __name__ == '__main__':
    # Build the URL tree: one leaf resource per path segment.
    root = Resource()
    for path, child in (
        ("", HttpResource()),
        ("login", LoginResource()),
        ("refresh", RefreshResource()),
    ):
        root.putChild(path, child)

    # NOTE(review): listenTCP is called without an interface argument, so the
    # listener is not limited to loopback, and the traffic (session cookie
    # and login body included) is plain HTTP.
    reactor.listenTCP(8000, HttpFactory(root))
    reactor.run()
答案 0 :(得分:1)
Twisted Web会话基于cookie。要让某个客户端的会话保持有效,客户端必须遵守服务器的Set-Cookie响应头(保存Cookie并在之后的请求中重新发送)。
如果您的客户端像curl,那么:
$ curl http://localhost:8000/
将在运行后删除会话cookie。如果再次运行该命令,您将获得一个新会话,因为客户端不会发送会话cookie,并且服务器无法知道该请求属于先前创建的会话。
如果使用如下命令让curl按常规方式处理cookie:
$ curl --cookie session-cookies --cookie-jar session-cookies http://localhost:8000/
然后curl将保存服务器设置的会话cookie。如果再次运行该命令,它会将会话cookie发送回服务器,您将看到重用的会话。