如何在烧瓶中的不同会话之间进行通信
[英]how to communicate between different sessions in flask
问题描述
here is an application case, my description is simplified. 
这是一个应用案例,我的描述得到了简化。
here are 3 roles of a website: admin, moderator, and visitor 这是网站的3个角色:管理员,主持人和访问者
admin can control everything, moderator manages some part of the website, and visitors can post threads and read threads 管理员可以控制一切,主持人可以管理网站的某些部分,访问者可以发布主题和阅读主题
the relationship of the users, roles and permissions are stored in the database in RBAC style 用户,角色和权限的关系以RBAC样式存储在数据库中
now admin want to downgrade a moderator to visitor, it's easy to manipulate the operation in the database. 现在,管理员想将主持人降级为访问者,因此很容易在数据库中进行操作。
but if the moderator is still online when this action is performed, there will be problem. 但是如果执行此操作时主持人仍处于在线状态,则会出现问题。
the admin and the moderator have two different session, and to accelerate the website speed, normally we put the roles and permissions in session, we don't query it every time when the user send request, so the admin's manipulation would not modify the session of the moderator. 管理员和主持人有两个不同的会话,并且为了提高网站速度,通常我们将角色和权限放在会话中,我们不会在用户每次发送请求时都进行查询,因此管理员的操作不会修改会话主持人的。 once the moderator session is not expired, the moderator still has the permissions. 主持人会话未过期后,主持人仍具有权限。
so the essential requirement is how to manipulate one session by another session in the web service. 因此,基本要求是如何在Web服务中通过另一个会话来操纵一个会话。
my website is based on python. 我的网站基于python。 Because RBAC is required, so I prefer flask more than django 因为需要RBAC,所以我更喜欢烧瓶而不是Django
django.auth module can control the access permission to each model, but what we want to control is the api/url not the model. django.auth模块可以控制对每个模型的访问权限,但是我们要控制的是api / url而不是模型。 Because rest_framework.authentication.TokenAuthentication based on django.auth, if we give up django.auth, we have to develop own token handler to defeat CSRF, but I don't want more work load. 因为rest_framework.authentication.TokenAuthentication基于django.auth,所以如果我们放弃django.auth,我们必须开发自己的令牌处理程序来击败CSRF,但是我不想增加工作量。
so my question is: how to handle this situation? 所以我的问题是:如何处理这种情况? how to communicate or operation between different sessions in the web service, especially flask or django 如何在Web服务中的不同会话之间进行通信或操作,尤其是flask或django
if flask can resolve this problem, I'll feel better. 如果烧瓶能解决这个问题,我会感觉更好。 or solution based on django is also ok. 或基于Django的解决方案也可以。
1 个解决方案
解决方案1
1 2019-08-22 21:22:57
If loading user from the database is slowing your application down, then I assume it is under heavy load and using a Redis server would speed things up. 如果从数据库加载用户使您的应用程序变慢,那么我认为它的负载很重,并且使用Redis服务器可以加快速度。 You can use it for: 您可以将其用于:
- Creating a data structure in Redis (for example: a hash) to store user information. 在Redis中创建数据结构(例如:哈希)以存储用户信息。 Loading user from Redis is much faster. 从Redis加载用户要快得多。 When your create/update a user in the database, you will have to modify the data in Redis, too. 在数据库中创建/更新用户时,您也必须在Redis中修改数据。 This way all user roles and permissions will be up-to-date. 这样,所有用户角色和权限都将是最新的。
- Creating server side sessions with Flask-Session . 使用Flask-Session创建服务器端会话。 All the session data is kept on the server and the user gets a key to access it. 所有会话数据都保存在服务器上,并且用户获得了访问它的密钥。 If you delete the key on the server the session is deleted and the user will have to login again. 如果您删除服务器上的密钥,则会话将被删除,用户将不得不再次登录。
But I think that loading user from the database is the best solution. 但是我认为从数据库加载用户是最好的解决方案。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.