question:
How do you understand the user-authenticated self.current_user in the Python web framework tornado document?
There's cookie_secret= "61oetzkxqagaydkl5gemgejjfuyh7eqnp2xdtp1o/vo=."
Tornado.escape.xhtml_escape difficult to understand. Answer:
1.self.current_user is used to get the value returned by Get_current_user
In the source code of tornado
def get_current_user (self): "" "Override to Determine" ",
e.g., a cookie.
" "" Return None
Get_current_user always returns NONE, and if you don't rewrite it to get the data you want, on the server side of the
Self.current_user is always none.
For example, we can return a cookie in Get_current_user to represent a user who has logged in and saved cookies in the browser.
For example:
Class Basehandler (Tornado.web.RequestHandler):
def get_current_user (self):
# Fetch Cookie return
self.get_ Cookie (cookie_name)
class Signinhandler (Basehandler):
def get (self):
# If the cookie received is not none. Indicates that the user has logged in.
if Self.current_user:
self.redirect (your_main_page)
else:
self.render (Your_sign_in_page)
Tornado.escape.xhtml_escape is used to escape some characters.
_xhtml_escape_dict = {' & ': ' & ', ' < ': ' < ', ' > ': ' > ', ' ' ': ' " ', ' '
: ' & ' #39; '}
Cookie_secret is used when you use Set_secure_cookie or Get_secure_cookie.
This is an official explanation:
Cookies are not secure and can easily are modified by clients. If you are need to set cookies to, e.g., identify the currently logged into user, you need to sign your cookies to prevent forge Ry. Tornado supports signed cookies with the Set_secure_cookie and Get_secure_cookie. To use this methods, you are need to specify a secret key named Cookie_secret if you create your application.
Cookie_secret will be used when the cookie is generated (encoded by cookies), and then the Cookie_secret is the equivalent of a key, and only if you have the key can you get the data in the cookie. turn to know:
https://www.zhihu.com/question/21030844/answer/62497541