flask 自定义session机制

最新推荐文章于 2025-06-16 18:52:58 发布

原创

最新推荐文章于 2025-06-16 18:52:58 发布 · 2.1k 阅读

1 ·

CC 4.0 BY-SA版权

本文介绍如何在Flask中实现自定义session机制，通过将session值与随机sid关联，存储可以选择Redis或内存。同时，发送给浏览器的不再是加密后的session值，而是对应的session_id。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

# flask原生session机制，cookie中返回session加密的value


class SecureCookieSessionInterface(SessionInterface):
    """The default session interface that stores sessions in signed cookies
    through the :mod:`itsdangerous` module.
    """
    #: the salt that should be applied on top of the secret key for the
    #: signing of cookie based sessions.
    salt = 'cookie-session'
    #: the hash function to use for the signature.  The default is sha1
    digest_method = staticmethod(hashlib.sha1)
    #: the name of the itsdangerous supported key derivation.  The default
    #: is hmac.
    key_derivation = 'hmac'
    #: A python serializer for the payload.  The default is a compact
    #: JSON derived serializer with support for some extra Python types
    #: such as datetime objects or tuples.
    serializer = session_json_serializer
    session_class = SecureCookieSession

    def get_signing_serializer(self, app):
        if not app.secret_key:
            return None
        signer_kwargs = dict(
            key_derivation=self.key_derivation,
            digest_method=self.digest_method
        )
        return URLSafeTimedSerializer(app.secret_key, salt=self.salt,
                                      serializer=self.serializer,
                                      signer_kwargs=signer_kwargs)

    def open_session(self, app, request):
        s = self.get_signing_serializer(app)
        if s is None: