
Return request context after requests.post

I have a Server A that makes a POST request to Server B using Python's requests module (r = requests.post(url=url)). Server B modifies the request and returns a response with a redirect to a URL. I can access the redirected URL by doing a redirect(r.url) on Server A, but I need to pass the modified request context along with it. Is this possible?

Scenario: Server A is running on python Flask.

r = requests.post(url='https://serverb.com/validateToken', data={'token':'abc'})
redirect(r.url)

Server B is running on python Django.

def validateToken(request):
  # On successful validation
  request.session[key] = mapped_token_to_user_id
  redirect('/successfulToken') # On server B

When accessing /successfulToken, Server B checks to see if a session exists on the request object, but because of the redirects, the request is naked.

The Django server will have set a cookie to identify the client associated with the session:

request.session[key] = mapped_token_to_user_id

See the Django session documentation:

The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis. It stores data on the server side and abstracts the sending and receiving of cookies. Cookies contain a session ID [...]

You then redirect the browser connected to Server A to the URL returned from Server B, but you discard the cookie information. The client connecting to Server A doesn't have the cookie, so it won't pass this on to Server B.

And unless Server B is on the same domain as Server A, you can't pass that cookie along to the client. Browsers will not send cookies received from one domain to another domain; cookies for stackoverflow.com should not be shared with, say, google.com, that would be a really big security issue if they did.

So if Server A and Server B are on two different domains (e.g. foo.bar.example for Server A and spam.ham.example for Server B) then there is no path for you to pass along the cookie to the client as you redirect the client to Server B. In that case you must have Server A directly connect to the new Server B URL, passing along the cookie from the response.

If Server A and Server B do share a domain (foo.bar.example and spam.bar.example share .bar.example as the domain name), then you can set a cookie for that shared domain name (with a . prefix on the name) to tell the client that it can share this cookie with all servers in the same domain name.

Either way, you need to extract the session cookie; the default name used by Django is sessionid:

session_cookie = r.cookies['sessionid']

If you are going to connect to the new URL from Server A, you need to add that cookie to the outgoing request (requests.get(url, cookies={'sessionid': session_cookie})).

If you are going to give it to the client on a redirect, set it on the response before you return it:

response = redirect(r.url)
response.set_cookie('sessionid', session_cookie, domain='.bar.example')
return response
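
An added example, not part of the original answer: one way Server A could choose between the two options above while checking that r.url really points at Server B and scoping the cookie with Secure and HttpOnly. The names shared_parent, plan_handoff and ALLOWED_B are hypothetical, and the two-label parent check is a simplifying assumption.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample values; hostnames are the answer's own examples.
SERVER_A = "foo.bar.example"
ALLOWED_B = {"spam.bar.example"}  # assumption: hosts A may redirect to


def shared_parent(host_a, host_b, min_labels=2):
    """Longest common parent domain of two hosts, or None.

    min_labels=2 is a simplification: real code should check the Public
    Suffix List so a suffix such as "co.uk" is never used as a parent.
    """
    common = []
    for x, y in zip(host_a.lower().split(".")[::-1],
                    host_b.lower().split(".")[::-1]):
        if x != y:
            break
        common.append(x)
    return ".".join(reversed(common)) if len(common) >= min_labels else None


def plan_handoff(redirect_url, session_id, server_a=SERVER_A, allowed_b=ALLOWED_B):
    """Return (mode, set_cookie_header) for Server A's next step.

    "reject": r.url is not an https URL on an expected Server B host.
    "proxy":  no shared domain, so A must request the URL itself and
              send the cookie (requests.get(url, cookies=...)).
    "cookie": shared domain, header value to attach to the redirect.
    """
    target = urlsplit(redirect_url)
    if target.scheme != "https" or target.hostname not in allowed_b:
        return "reject", None
    parent = shared_parent(server_a, target.hostname)
    if parent is None:
        return "proxy", None
    jar = SimpleCookie()
    jar["sessionid"] = session_id
    morsel = jar["sessionid"]
    morsel["domain"] = parent      # every host under this domain gets the cookie
    morsel["path"] = "/"
    morsel["secure"] = True        # never send the session ID over http
    morsel["httponly"] = True      # keep it away from page scripts
    morsel["samesite"] = "Lax"
    return "cookie", morsel.OutputString()
```
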

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.