Flask-0.10中的会话cookie如何手动反序列化?
[英]How can a session cookie from Flask-0.10 be deserialized manually?
问题描述
I have the raw value of a session cookie from a Flask-0.10 application. 
我有Flask-0.10应用程序中会话cookie的原始值。 I need to read the session in another application that is not using Flask, so I don't have access to the session proxy. 我需要在另一个未使用Flask的应用程序中读取会话,因此我无权访问session代理。
In Flask-0.9 I could do the following: 在Flask-0.9中,我可以执行以下操作:
session = SecureCookieSession.unserialize(cookie, app.secret_key)
However, this method no longer exists in Flask-0.10. 但是,此方法在Flask-0.10中不再存在。 How can I read the cookie data now? 我现在如何读取Cookie数据?
1 个解决方案
解决方案1
5 已采纳 2014-09-22 04:18:30
Flask-0.10 switched to itsdangerous for serializing the session. Flask-0.10切换为序列化会话危险 。 See the relevant source code for how the session is read in Flask. 有关如何在Flask中读取会话的信息,请参见相关的源代码 。
If you have a session serialized by Flask's default session interface, you can read it manually as follows. 如果您有一个通过Flask的默认会话界面序列化的会话,则可以按以下方式手动读取它。
Assuming your secret key is 'dev' , the session data {'hello': 'world'} is serialized to 'eyJoZWxsbyI6IndvcmxkIn0.BwEv5w.o3gYYutryNy7di1E3LbJZbCFGfY' . 假设您的密钥是'dev' ,则会话数据{'hello': 'world'}被序列化为'eyJoZWxsbyI6IndvcmxkIn0.BwEv5w.o3gYYutryNy7di1E3LbJZbCFGfY' 。
from hashlib import sha1
from flask.sessions import session_json_serializer
from itsdangerous import URLSafeTimedSerializer
s = URLSafeTimedSerializer(
'dev', salt='cookie-session',
serializer=session_json_serializer,
signer_kwargs={'key_derivation': 'hmac', 'digest_method': sha1}
)
session_data = s.loads('eyJoZWxsbyI6IndvcmxkIn0.BwEv5w.o3gYYutryNy7di1E3LbJZbCFGfY')
assert session_data['hello'] == 'world' # True
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.