An explanation of Tornado's secure cookie mechanism in Python-Python Tutorial-php.cn

Home

Backend Development

Python Tutorial

An explanation of Tornado's secure cookie mechanism in Python

不言

Oct 19, 2018 pm 05:27 PM

python

This article brings you an explanation of the Tornado security cookie mechanism in Python. It has certain reference value. Friends in need can refer to it. I hope it will be helpful to you.

Cookies are data stored in the user's local terminal (Client Side) by many websites in order to identify the user's identity. Using RequestHandler.get_cookie() and RequestHandler.set_cookie() in Tornado can easily Read and write cookies.

Example: Simple reading and writing of Cookie

import tornado.web

session_id = 1
class MainHandler(tornado.web.RequestHandler):
    def get(self):
        global session_id
        if not self.get_cookie("session"):
            self.set_cookie("session",str(session_id))
            session_id+=1
            self.write("设置新的session")
        else:
            self.write("已经具有session")

if __name__ == '__main__':
    app=tornado.web.Application([
        ("/",MainHandler)
    ])
    app.listen("8888")
    tornado.ioloop.IOLoop.current().start()

In this example, the get_cookie() function is used to determine whether the Cookie name [session] exists. If it does not exist, assign it to it. New session_id.

In practical applications, cookies are often used to save session information like this example.
Because Cookie is always saved on the client side, how to save it from being tampered with is a problem that the server-side program must solve.
Tornado provides an information encryption mechanism for Cookie, making it impossible for the client to parse and modify the key value of Cookie at will.

Code:

import tornado.web

session_id = 1
class MainHandler(tornado.web.RequestHandler):
    def get(self):
        global session_id
        #get_secure_cookie代替get_cookie
        if not self.get_secure_cookie("session"):
            #set_secure_cookie代替set_cookie
            self.set_secure_cookie("session",str(session_id))
            session_id+=1
            self.write("设置新的session")
        else:
            self.write("已经具有session")

if __name__ == '__main__':
    app=tornado.web.Application([
        ("/",MainHandler)
    ],cookie_secret="JIA_MI_MI_YAO")
    app.listen("8888")
    tornado.ioloop.IOLoop.current().start()

Comparing the simple Cookie example above, you can find the difference:

The cookie_secret parameter is assigned when the tornado.web.Application object is initialized. The value of this parameter is a string used to save the key used to encrypt cookies on this website.
Use RequestHandler.get_secure_cookie instead of the original RequestHandler.get_cookie call where cookies need to be read.
Replace the original RequestHandler.set_cookie call with RequestHandler.set_secure_cookie where Cookie needs to be written.

In this way, you don’t need to worry about Cookie The problem of forgery is solved, but the cookie_secret parameter value, as the encryption key, needs to be well protected and cannot be leaked.

The above is the detailed content of An explanation of Tornado's secure cookie mechanism in Python. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:segmentfault思否. If there is any infringement, please contact admin@php.cn delete

Python and Time: Making the Most of Your Study TimeApr 14, 2025 am 12:02 AM

To maximize the efficiency of learning Python in a limited time, you can use Python's datetime, time, and schedule modules. 1. The datetime module is used to record and plan learning time. 2. The time module helps to set study and rest time. 3. The schedule module automatically arranges weekly learning tasks.

Python: Games, GUIs, and MoreApr 13, 2025 am 12:14 AM

Python excels in gaming and GUI development. 1) Game development uses Pygame, providing drawing, audio and other functions, which are suitable for creating 2D games. 2) GUI development can choose Tkinter or PyQt. Tkinter is simple and easy to use, PyQt has rich functions and is suitable for professional development.

Python vs. C : Applications and Use Cases ComparedApr 12, 2025 am 12:01 AM

Python is suitable for data science, web development and automation tasks, while C is suitable for system programming, game development and embedded systems. Python is known for its simplicity and powerful ecosystem, while C is known for its high performance and underlying control capabilities.

The 2-Hour Python Plan: A Realistic ApproachApr 11, 2025 am 12:04 AM

You can learn basic programming concepts and skills of Python within 2 hours. 1. Learn variables and data types, 2. Master control flow (conditional statements and loops), 3. Understand the definition and use of functions, 4. Quickly get started with Python programming through simple examples and code snippets.

Python: Exploring Its Primary ApplicationsApr 10, 2025 am 09:41 AM

Python is widely used in the fields of web development, data science, machine learning, automation and scripting. 1) In web development, Django and Flask frameworks simplify the development process. 2) In the fields of data science and machine learning, NumPy, Pandas, Scikit-learn and TensorFlow libraries provide strong support. 3) In terms of automation and scripting, Python is suitable for tasks such as automated testing and system management.

How Much Python Can You Learn in 2 Hours?Apr 09, 2025 pm 04:33 PM

You can learn the basics of Python within two hours. 1. Learn variables and data types, 2. Master control structures such as if statements and loops, 3. Understand the definition and use of functions. These will help you start writing simple Python programs.

How to teach computer novice programming basics in project and problem-driven methods within 10 hours?Apr 02, 2025 am 07:18 AM

How to teach computer novice programming basics within 10 hours? If you only have 10 hours to teach computer novice some programming knowledge, what would you choose to teach...