我正在使用烧瓶登录https://github.com/maxcountryman/flask-login并且login_user中记住的字段似乎不起作用。
每次重启 apache 后会话都会被破坏。理想情况下,remember 字段应该处理这个问题。即使会话值也会被破坏。这真是令人沮丧......任何知道解决方案的人请ping ..谢谢我使用login_user作为
login_user(user, remember=True)
问问题
1676 次
3 回答
3
如果有人遇到此问题,您必须正确编写函数user_loader。
@login_manager.user_loader
def load_user(id):
return "get the user properly and create the usermixin object"
于 2012-11-15T18:41:11.423 回答
2
我遇到了这个问题,但这是因为我们Flask.secret_key在启动时设置了一个新的 GUID。我们将其移至配置文件(每个环境的唯一 ID),现在会话保持不变。
于 2016-06-22T19:47:00.097 回答
1
您必须在用户 mixen 以及 user_loader 中设置 get_auth_token
class User(UserMixin):
def get_auth_token(self):
"""
Encode a secure token for cookie
"""
data = [str(self.id), self.password]
return login_serializer.dumps(data)
和
@login_manager.token_loader
def load_token(token):
"""
Flask-Login token_loader callback.
The token_loader function asks this function to take the token that was
stored on the users computer process it to check if its valid and then
return a User Object if its valid or None if its not valid.
"""
#The Token itself was generated by User.get_auth_token. So it is up to
#us to known the format of the token data itself.
#The Token was encrypted using itsdangerous.URLSafeTimedSerializer which
#allows us to have a max_age on the token itself. When the cookie is stored
#on the users computer it also has a exipry date, but could be changed by
#the user, so this feature allows us to enforce the exipry date of the token
#server side and not rely on the users cookie to exipre.
max_age = app.config["REMEMBER_COOKIE_DURATION"].total_seconds()
#Decrypt the Security Token, data = [username, hashpass]
data = login_serializer.loads(token, max_age=max_age)
#Find the User
user = User.get(data[0])
#Check Password and return user or None
if user and data[1] == user.password:
return user
return None
这两种方法都使用模块 itsdangerous 来加密记住我的 cookie
from itsdangerous import URLSafeTimedSerializer
我写了一篇关于我如何做到的博客文章 Flask-Login Auth Tokens
于 2012-11-27T04:40:05.323 回答