没有Cookie的烧瓶登录/会话?
[英]Flask Login/Session without cookies?
问题描述
When my user happens to have cookies disabled in their browsers, will Flask Login (Flask Session management in general) still work? 
当我的用户恰巧在其浏览器中禁用了cookie时,Flask登录(通常为Flask Session管理)仍然可以使用吗? Ie, does it default to an alternative, like storing information somewhere in the server-side filesystem? 即,它是否默认为替代方法,例如将信息存储在服务器端文件系统中的某处?
1 个解决方案
解决方案1
2 已采纳 2017-09-09 22:34:13
HTTP is a stateless protocol. HTTP是无状态协议。 Your only option to track a login session is by somehow tying a request to a specific user. 跟踪登录会话的唯一选择是通过某种方式将请求绑定到特定用户。 Unless browsers start sending some other unique identifying piece of information, cookies are your best option. 除非浏览器开始发送其他一些唯一的识别信息,否则cookie是您的最佳选择。 Another alternative is to use Basic authentication , where the user is asked to enter a username and password in a standard dialog box (this can't be styled) and the browser will then send this data (unencrypted) along with every request. 另一种选择是使用基本身份验证 ,其中要求用户在标准对话框中输入用户名和密码(无法设置样式),然后浏览器将随每个请求一起发送此数据(未加密)。
All other techniques are far more involved, see User recognition without cookies or local storage for example. 所有其他技术的参与程度都更高,例如,请参见没有cookie或本地存储的用户识别 。 Also see How can I uniquely identify an user when cookies are not an option? 另请参阅无法选择Cookie时如何唯一标识用户? for more options. 有关更多选项。
Flask-Login does support Basic Authentication; Flask-Login确实支持基本身份验证; the documentation covers two different techniques for supporting this option. 文档涵盖了两种支持该选项的技术。 If you do choose to use this, make sure your site is only accessible over HTTPS encryption to prevent the username / password combination from being stolen, letting someone else log in. 如果确实选择使用此功能,请确保只能通过HTTPS加密访问您的站点,以防止用户名/密码组合被盗,让其他人登录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.