webPy Sessions - Concurrent users use same session and session timeout

I have a webPy app that is using sessions for user authentication. Sessions are initiated like this:

web.config.debug=False

store = web.session.DiskStore('/path_to_app/sessions')
if web.config.get('_session') is None:
    web.config.session_parameters['ignore_expiry'] = False
    web.config.session_parameters['timeout'] = 600
    web.config.session_parameters['max_age'] = 600
    web.config.session_parameters['ignore_change_ip'] = False
    web.config.session_parameters['expired_message'] = 'Session Expired... Please reload the page and login in again.'
    web.config.session_parameters['cookie_name'] = 'my_session_id'
    session_init = web.session.Session(app, store, initializer={'login':0, 'privilege':0, 'user':'none'})
    session = session_init._initializer
    web.config._session = session
else:
    session = web.config._session

This is the login class:

class Login:
    def GET(self):
        if logged() == True:
            return render.index()
        else:
            render = create_render(session['privilege'])
            return render.login()


    def POST(self):
        data= web.input()
        name = data['user']
        passwd = data['passwd']
        ident = model.get_users(m, name)
        try:
            if passwd == ident.password.strip():
                session['login'] = 1
                session['privilege'] = ident['privilege']
                session['user'] = name
                render = create_render(session['privilege'])
                return render.index()
            else:
                session.login = 0
                session.privilege = 0
                session.user = 'none'
                render = create_render(session['privilege'])
                return render.login()
        except:
            session['login'] = 0
            session['privilege'] = 0
            render = create_render(session['privilege'])
            return render.login()

And this is the check for being logged in:

def logged():
    if session['login']==1:
        return True
    else:
        return False

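I have two problems that I have been unable to solve:

  1. When there are concurrent connections to the web server, they use the same session, so if one session has already logged in, another connection to the site gets straight in without authenticating.

Update:

A new session is in fact created in the disk store for each user, but the details other than the ID are the same - the problem still stands that a new user does not need to authenticate: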

>>> x = base64.b64decode(open("/path_to_app/sessions/71b598e8a40c62cc6b5a1bf7a380d67886e87859").read())
>>> pickle.loads(x)
{'privilege': 2, 'ip': u'137.237.225.56', 'login': 1, 'user': u'admin', 'session_id': '71b598e8a40c62cc6b5a1bf7a380d67886e87859'}
>>> 
>>> y = base64.b64decode(open("/path_to_app/sessions/5a7364dc2a23ea69c61212bc496500cbb15f89bd").read()) 
>>> pickle.loads(y)
{'privilege': 2, 'ip': u'137.237.225.133', 'login': 1, 'user': u'admin', 'session_id': '5a7364dc2a23ea69c61212bc496500cbb15f89bd'}
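
  2. When the session expires, it is not removed. I can see that the session is being killed and the message is generated as defined, but if the user refreshes the page, they are right back in. Is there a way to kill the session when it expires?

Thanks!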

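In case anyone finds this question in the future and wants to know what I learned, I don't like leaving things hanging.

I ended up ditching sessions in web.py and moved to Beaker Session Middleware using only client-side cookies.

A quick example: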

import datetime  # referenced in t_globals below

import web
from beaker.middleware import SessionMiddleware

urls = (
         '/', 'index',
         '/login', 'Login',
         '/logout', 'Logout'
        )

t_globals = {
             'datestr': web.datestr,
             'str': str,
             'datetime': datetime
             }


# beaker options are optional.... but it's good to see 
# where they are called

session_opts = {
    'session.cookie_expires': True,
    'session.timeout' : 600,
    'session.secure' : True,
}

# define webPy app
app = web.application(urls, globals())

# smash it all together and define name for cookie key (sid)
def session_mw(app):
    return SessionMiddleware(app, config = session_opts, key = "sid")



# function to check if we are logged in
def logged(session):
    if 'login' in session:
        if session['login']==1:
            return True
        else:
            return False
    else:
        return False

# create different renders based on log in privilege
def create_render(privilege):
    session = web.ctx.environ['beaker.session']
    if logged(session) == True:
        if privilege == 0:
            render = web.template.render('/templates/user/', base='user_base', globals=t_globals)
        elif privilege == 1:
            render = web.template.render('/templates/user/', base='user_base', globals=t_globals)
        elif privilege == 2:
            render = web.template.render('/templates/admin/', base='base', globals=t_globals)
        else:
            render = web.template.render('/templates/viewer/', base='base', globals=t_globals)
    else:
        render = web.template.render('templates/', globals=t_globals)
    return render

class Login:
    def GET(self):
        session = web.ctx.environ['beaker.session']
        if logged(session) == True:
            render = create_render(session['privilege'])
            return render.index()
        else:
            render = create_render(0)
            return render.login()



    # I get user credentials from a database (called in model.get_users);
    # `model` and `m` are defined elsewhere in the app
    def POST(self):
        session = web.ctx.environ['beaker.session']
        data = web.input()
        name = data['user']
        passwd = data['passwd']
        ident = model.get_users(m, name)
        try:
            if passwd == ident.password.strip():
                session['login'] = 1
                session['privilege'] = ident['privilege']
                session['user'] = name
                session.save()
                render = create_render(session['privilege'])
                return render.index()

            else:
                # item assignment, so the values land in the session data
                session['login'] = 0
                session['privilege'] = 0
                session['user'] = 'none'
                render = create_render(session['privilege'])
                return render.login()
        except Exception:
            session['login'] = 0
            session['privilege'] = 0
            render = create_render(session['privilege'])
            return render.login()

class Logout:
    def GET(self):
        session = web.ctx.environ['beaker.session']
        try:
            render = create_render(0)
            session.invalidate()
            session.delete()
            return render.logout()
        except Exception:
            session.invalidate()
            session.delete()
            render = create_render(0)
            return render.logout()


class index:
    def GET(self):
        session = web.ctx.environ['beaker.session']
        if logged(session) == False:
            raise web.seeother('/login')
        else:
            render = create_render(0)
            return render.index()


if __name__ == "__main__":
    app.run(session_mw)
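
A likely cause of both symptoms in the question, shown as an added example that is not part of the original posts or of web.py itself: `session = session_init._initializer` binds `session` to the one process-wide template dict instead of the per-client session object. `MiniSession` and `run` are constructed stand-ins, and the model assumes new sessions are seeded from a deep copy of the initializer, as web.py's `Session` does.

```python
import copy
import secrets

INITIAL = {'login': 0, 'privilege': 0, 'user': 'none'}

class MiniSession:
    """Constructed stand-in, not web.py code: per-client data is looked up by
    cookie id, and a new client is seeded from a deep copy of the initializer."""
    def __init__(self, initializer):
        self._initializer = initializer   # one dict for the whole process
        self._store = {}                  # session id -> that client's data
        self._current = None              # data of the request being served

    def load(self, sid=None):
        """Begin a request; a missing or unknown id gets a fresh session."""
        if sid not in self._store:
            sid = secrets.token_hex(20)
            self._store[sid] = copy.deepcopy(self._initializer)
        self._current = self._store[sid]
        return sid

    def expire(self, sid):
        self._store.pop(sid, None)

    def __getitem__(self, key):
        return self._current[key]

    def __setitem__(self, key, value):
        self._current[key] = value

def run(use_initializer):
    """Admin logs in, a second client connects, then admin's session expires
    and admin reloads. Returns (login seen by the second client, user stored
    in the second client's session, login seen after the expiry)."""
    session_init = MiniSession(dict(INITIAL))
    # Question's wiring: the shared template dict. Otherwise: the session object.
    session = session_init._initializer if use_initializer else session_init

    admin = session_init.load()
    session['login'], session['privilege'], session['user'] = 1, 2, 'admin'

    session_init.load()                   # second client, no cookie yet
    second_login, second_user = session['login'], session_init['user']
    session_init.expire(admin)
    session_init.load(admin)              # reload with the expired cookie
    return second_login, second_user, session['login']

if __name__ == "__main__":
    print(run(True), run(False))
```

With the question's wiring the login writes land in the template, so each new session ID is created already logged in as admin, which matches the two disk-store dumps; binding `session` to the session object keeps newcomers at `login == 0`.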
