2

我正在尝试创建一个简单的 Web 应用程序,以便更好地研究它是如何工作的。这个想法是用户可以通过 twitter 登录,然后可以访问前端的不同功能。我可以让用户通过 twitter 进行身份验证,但是我从一个请求到另一个请求丢失了会话。我使用python3 flaskflask-oauthlib

from flask import Flask, request, url_for, session, redirect, flash
from flask_cors import CORS
from flask_oauthlib.client import OAuth

app = Flask(__name__)
cors = CORS(app)
oauth = OAuth()

@app.route('/login')
def login():
    callback_url = url_for('oauthorized', next=request.args.get('next'))
    return twitter.authorize(callback=callback_url or request.referrer or None)

@app.route('/logout')
def logout():
    session.pop('twitter_oauth', None)
    return redirect(app.config['FRONT_END_URL'])

@app.route('/oauthorized')
def oauthorized():
    frontend_url = app.config['FRONT_END_URL']
    resp = twitter.authorized_response()

    if resp is None:
        flash('You denied the request to sign in.')
        return redirect(frontend_url)
    elif resp['screen_name'] not in allowed_twitter:
        flash('You dont have premission')
        return redirect(frontend_url)

    access_token = resp['oauth_token']
    session['access_token'] = access_token
    session['screen_name'] = resp['screen_name']

    session['twitter_token'] = (
        resp['oauth_token'],
        resp['oauth_token_secret']
    )

    flash('You were successfully logged in')
    return redirect(frontend_url + "/accionDirecta")

@app.route('/test')
def test():
    print(session)  # Is always empty

    access_token = session.get('access_token')
    if access_token is None:
        return("Not login")
    else:
        return("login")

print(session)里面是正确的oauthorized(),但是当用户登录后开始/test使用jquery $ajax时,我的会话是空的。为什么?

4

1 回答 1

0

问题出在$ajax get. 默认情况下,ajax 不包含你的cookies,所以你必须强制使用。在$ajax您必须添加:

crossDomain: true, xhrFields: { withCredentials: true }

而这股力量使用您的 cookie。

于 2017-01-29T17:35:30.817 回答