如何理解Python的web架構tornado文檔裡面的使用者認證的self.current_user?
裡面還有cookie_secret=”61oETzKXQAGaYdkL5gEmGeJJFuYh7EQnp2XdTP1o/Vo=”
tornado.escape.xhtml_escape 難以理解。 answer:
1.self.current_user 是用來擷取get_current_user返回的值
在tornado的源碼中
def get_current_user(self): """Override to determine the current user from, e.g., a cookie.""" return None
get_current_user 一直返回的是None, 如果沒有重寫它來獲得你想要的資料,在伺服器端的
self.current_user 就一直是None.
例如我們可以在get_current_user中返回cookie來代表使用者已經登入過並在瀏覽器儲存了cookie.
例如:
class BaseHandler(tornado.web.RequestHandler): def get_current_user(self): # 取cookie return self.get_cookie(cookie_name)class SignInHandler(BaseHandler): def get(self): # 如果拿到的cookie不為None.表示使用者已經登入過。 if self.current_user: self.redirect(your_main_page) else: self.render(your_sign_in_page)
tornado.escape.xhtml_escape是用來轉義一些字元的。
_XHTML_ESCAPE_DICT = {'&': '&', '<': '<', '>': '>', '"': '"', '\'': '''}
cookie_secret 是當你使用set_secure_cookie 或get_secure_cookie時才會用到的。
這個是官方的解釋:
Cookies are not secure and can easily be modified by clients. If you need to set cookies to, e.g., identify the currently logged in user, you need to sign your cookies to prevent forgery. Tornado supports signed cookies with the set_secure_cookie and get_secure_cookie methods. To use these methods, you need to specify a secret key named cookie_secret when you create your application.
cookie_secret 會在cookie產生的時候被使用(用cookie編碼),然後cookie_secret就相當於一把鑰匙,只有擁有這把鑰匙才能得到cookie裡面的資料。 轉自知乎:
https://www.zhihu.com/question/21030844/answer/62497541
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
