How do you understand the user-authenticated self.current_user in the Python web framework tornado document?

Source: Internet
Author: User
question:

How do you understand the user-authenticated self.current_user in the Python web framework tornado document?
There's cookie_secret= "61oetzkxqagaydkl5gemgejjfuyh7eqnp2xdtp1o/vo=."
Tornado.escape.xhtml_escape difficult to understand. Answer:

1.self.current_user is used to get the value returned by Get_current_user
In the source code of tornado

def get_current_user (self): "" "Override to Determine" ",
    e.g., a cookie.
    " "" Return None

Get_current_user always returns NONE, and if you don't rewrite it to get the data you want, on the server side of the
Self.current_user is always none.

For example, we can return a cookie in Get_current_user to represent a user who has logged in and saved cookies in the browser.
For example:

Class Basehandler (Tornado.web.RequestHandler):
    def get_current_user (self):
        # Fetch Cookie return
        self.get_ Cookie (cookie_name)

class Signinhandler (Basehandler):
    def get (self):
        # If the cookie received is not none. Indicates that the user has logged in.
        if Self.current_user:
            self.redirect (your_main_page)
        else:
            self.render (Your_sign_in_page)

Tornado.escape.xhtml_escape is used to escape some characters.

_xhtml_escape_dict = {' & ': ' &amp; ', ' < ': ' &lt; ', ' > ': ' &gt; ', ' ' ': ' &quot; ', ' '
                      : ' & ' #39; '}

Cookie_secret is used when you use Set_secure_cookie or Get_secure_cookie.
This is an official explanation:

Cookies are not secure and can easily are modified by clients. If you are need to set cookies to, e.g., identify the currently logged into user, you need to sign your cookies to prevent forge Ry. Tornado supports signed cookies with the Set_secure_cookie and Get_secure_cookie. To use this methods, you are need to specify a secret key named Cookie_secret if you create your application.

Cookie_secret will be used when the cookie is generated (encoded by cookies), and then the Cookie_secret is the equivalent of a key, and only if you have the key can you get the data in the cookie. turn to know:

https://www.zhihu.com/question/21030844/answer/62497541

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.