[转]tornado入门 - session
cookie 和 session 的区别:
一、cookie数据存放在客户的浏览器上,session数据放在服务器上。
二、cookie不是很安全,别人可以分析存放在本地的COOKIE并进行COOKIE欺骗,
考虑到安全应当使用session。(注意:session 仍然依靠浏览器 cookie 中保存的会话标识符来识别用户,因此该 cookie 同样需要保护。)
三、session会在一定时间内保存在服务器上。当访问增多,会比较占用你服务器的性能,
考虑到减轻服务器性能方面,应当使用COOKIE。
四、单个cookie保存的数据不能超过4K,很多浏览器都限制一个站点最多保存20个cookie。
五、因此我的建议:
将登录信息等重要信息存放为SESSION
其他信息如果需要保留,可以放在COOKIE中
创建唯一标识符(用作 cookie 的值)
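import uuid

# uuid4() returns a randomly generated UUID; its string form is what would be
# stored in the cookie as the session identifier. The original line fused both
# statements together, which does not parse.
# NOTE(review): for identifiers that act as bearer tokens, the standard
# library's `secrets` module (e.g. secrets.token_urlsafe()) is the documented
# choice for security-sensitive randomness.
session_id = uuid.uuid4()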
tornado默认不支持session
需要安装第三方库
安装Redis 和 pycket
pip install pycket
使用pycket实现基于redis的session
例子
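# -*- coding: utf-8 -*-
"""Tornado demo: Redis-backed sessions through pycket.

Walkthrough (numbers match the inline markers below):
  1. configure pycket in the application settings,
  2. import ``SessionMixin``,
  3. mix ``SessionMixin`` into every handler that needs ``self.session``,
  4. set and read back a session value,
  5. set the session cookie expiry.

This is tutorial code: the login handler performs no credential check.
"""
import os
import re

import tornado.autoreload
import tornado.escape
import tornado.httpserver
import tornado.ioloop
import tornado.web
from tornado.options import define, options

# 2. Import the session mixin.
from pycket.session import SessionMixin

define('port', default=8000, help='Run on the given port', type=int)
define('debug', default=False, help='Set debug mode', type=bool)

# Page names accepted by OtherHtmlHandler: slash-separated segments that each
# start with a letter, digit, '_' or '-'. A segment can therefore never be
# '.' or '..', and the name can never start with '/', so the template lookup
# stays inside the configured template directory.
_PAGE_NAME = re.compile(
    r'^[A-Za-z0-9_-][A-Za-z0-9_.-]*(?:/[A-Za-z0-9_-][A-Za-z0-9_.-]*)*$')


class HomeHandler(tornado.web.RequestHandler):
    """Serve the landing page."""

    def get(self, *args, **kwargs):
        self.render('index.html')


# 3. Handlers that use the session inherit from SessionMixin.
class LoginHandler(tornado.web.RequestHandler, SessionMixin):
    """Render the login form and record the submitted user name."""

    def get(self, *args, **kwargs):
        self.render('login.html')

    def post(self, *args, **kwargs):
        """Store the posted ``user`` value in a signed cookie and the session.

        NOTE: no password or other credential is verified here, so whatever
        name is submitted becomes the authenticated identity. A real login
        must verify credentials before the cookie is issued.
        NOTE(review): the session identifier is not rotated at login in this
        code; confirm how pycket issues it before relying on this pattern.
        """
        # Read the field once and make it required: a missing field yields a
        # 400 instead of passing None into set_secure_cookie().
        user = self.get_argument('user')
        # httponly keeps the identity cookie out of reach of page scripts.
        self.set_secure_cookie('user', user, httponly=True)
        # 4. Set the session value.
        self.session.set('user_session_test', user)
        txt = str(self.session.get('user_session_test'))
        # 4. Read the session value back. The value is request-controlled and
        # write() sends text/html, so escape it before echoing.
        self.write('Successully set cookie!, user_session_test value: %s'
                   % tornado.escape.xhtml_escape(txt))


class OtherHtmlHandler(tornado.web.RequestHandler):
    """Render any other ``<page>.html`` template for logged-in users."""

    def get_current_user(self):
        """Return the signed ``user`` cookie value, or None if it is absent
        or fails signature verification."""
        return self.get_secure_cookie('user')

    @tornado.web.authenticated
    def get(self, page):
        """Render the template named by the URL.

        ``page`` is captured from the request path by ``(.+?)``, which also
        matches '/' and '..'; reject anything outside the allow-list so the
        request cannot select a file outside the template directory.
        """
        if not _PAGE_NAME.match(page):
            raise tornado.web.HTTPError(404)
        self.render(page + '.html')


class CustomApp(tornado.web.Application):
    """Application wiring: settings, pycket session config and routes."""

    def __init__(self, debug=False):
        base_dir = os.path.dirname(__file__)
        settings = {
            'template_path': os.path.join(base_dir, 'moban_clean/templates'),
            # NOTE(review): the template directory sits inside static_path,
            # so the static route below can also reach files under
            # templates/ -- confirm that is intended.
            'static_path': os.path.join(base_dir, 'moban_clean'),
            'blog_title': "tornado blog",
            'login_url': '/login.html',
            # The cookie secret signs both the 'user' cookie and the session
            # cookie. The literal fallback is the published sample value and
            # must not be used outside this demo: supply a private random
            # value through the environment instead.
            'cookie_secret': os.environ.get(
                'TORNADO_COOKIE_SECRET',
                "2379874hsdhf0234990sdhsaiuofyasop977djdj"),
            'xsrf_cookies': True,
            # Debug mode is for development only.
            'debug': debug,
            # 1. Configure pycket. Remember to start the Redis server first
            #    (e.g. C:\redis>redis-server.exe).
            'pycket': {
                'engine': 'redis',
                # No credentials are configured for Redis here; keep the
                # instance reachable only from this host.
                'storage': {
                    'host': 'localhost',
                    'port': 6379,
                    'db_sessions': 10,
                    'db_notifications': 11,
                    'max_connections': 2**31,
                },
                'cookies': {
                    # 5. Set the expiry time.
                    'expires_days': 2,
                    # 'expires': None,  # seconds
                },
            },
        }
        handles = [
            (r'/$', HomeHandler),
            (r'/login.html', LoginHandler),
            (r'/(.+?)\.html', OtherHtmlHandler),
            (r'/(.+?\..+)', tornado.web.StaticFileHandler,
             dict(path=settings['static_path'])),
        ]
        super(CustomApp, self).__init__(handles, **settings)


if __name__ == '__main__':
    tornado.options.parse_command_line()
    app = CustomApp(debug=options.debug)
    http_server = tornado.httpserver.HTTPServer(app)
    http_server.listen(options.port)
    # tornado.autoreload.start()
    tornado.ioloop.IOLoop.instance().start()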