当前位置: 文江博客话题详情

如何从 django_session 表的 session_data 中查找用户 ID?

发布于 2024-09-30 14:11:08 字数 815 浏览 8 评论 0原文

django_session表中存储session_data,该表首先使用Python的pickle模块进行pickle,然后使用Python的base64模块进行base64编码。

我得到了解码后的 pickle session_data

django_session 表中的 session_data

gAJ9cQEoVQ9fc2Vzc2lvbl9leHBpcnlxAksAVRJfYXV0aF91c2VyX2JhY2tlbmRxA1UpZGphbmdvLmNvbnRyaWIuYXV0aC5iYWNrZW5kcy5Nb2RlbEJhY2tlbmRxBFUNX2F1dGhfdXNlcl9pZHEFigECdS5iZmUwOWExOWI0YTZkN2M0NDc2MWVjZjQ5ZDU0YjNhZA==

通过 base64.decode(session_data) 解码后:

 \x80\x02}q\x01(U\x0f_session_expiryq\x02K\x00U\x12_auth_user_backendq\x03U)django.contrib.auth.backends.ModelBackendq\x04U\r_auth_user_idq\x05\x8a\x01\x02u.bfe09a19b4a6d7c44761ecf49d54b3ad

我想从 中找出 auth_user_id 的值auth_user_idq\x05\x8a\x01\x02u

原文

In django_session table session_data is stored which is first pickled using pickle module of Python and then encoded in base64 by using base64 module of Python.

I got the decoded pickled session_data.

session_data from django_session table:

gAJ9cQEoVQ9fc2Vzc2lvbl9leHBpcnlxAksAVRJfYXV0aF91c2VyX2JhY2tlbmRxA1UpZGphbmdvLmNvbnRyaWIuYXV0aC5iYWNrZW5kcy5Nb2RlbEJhY2tlbmRxBFUNX2F1dGhfdXNlcl9pZHEFigECdS5iZmUwOWExOWI0YTZkN2M0NDc2MWVjZjQ5ZDU0YjNhZA==

after decoding it by base64.decode(session_data):

 \x80\x02}q\x01(U\x0f_session_expiryq\x02K\x00U\x12_auth_user_backendq\x03U)django.contrib.auth.backends.ModelBackendq\x04U\r_auth_user_idq\x05\x8a\x01\x02u.bfe09a19b4a6d7c44761ecf49d54b3ad

I want to find out the value of auth_user_id from auth_user_idq\x05\x8a\x01\x02u.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

听你说爱我 2024-10-07 14:11:08

我对保罗的方法遇到了麻烦(请参阅我对他的答案的评论),所以我最终使用了 scottbarnham.com 博客文章

from django.contrib.sessions.models import Session
from django.contrib.auth.models import User

session_key = '8cae76c505f15432b48c8292a7dd0e54'

session = Session.objects.get(session_key=session_key)
uid = session.get_decoded().get('_auth_user_id')
user = User.objects.get(pk=uid)

print user.username, user.get_full_name(), user.email

I had trouble with Paulo's method (see my comment on his answer), so I ended up using this method from a scottbarnham.com blog post:

from django.contrib.sessions.models import Session
from django.contrib.auth.models import User

session_key = '8cae76c505f15432b48c8292a7dd0e54'

session = Session.objects.get(session_key=session_key)
uid = session.get_decoded().get('_auth_user_id')
user = User.objects.get(pk=uid)

print user.username, user.get_full_name(), user.email
回复 原文
岁月静好 2024-10-07 14:11:08

注意:格式自原始答案以来已更改,对于 1.4 及更高版本,请参阅下面的更新

import pickle

data = pickle.loads(base64.decode(session_data))

>>> print data
{'_auth_user_id': 2L, '_auth_user_backend': 'django.contrib.auth.backends.ModelBackend',
 '_session_expiry': 0}

[更新]

我的base64.decode需要文件名参数,所以我尝试了base64.b64decode,但这返回了“IndexError:列表分配索引超出范围”。

我真的不知道为什么我使用 base64 模块,我想是因为这个问题以它为特色。

您可以只使用 str.decode 方法:

>>> pickle.loads(session_data.decode('base64'))
{'_auth_user_id': 2L, '_auth_user_backend': 'django.contrib.auth.backends.ModelBackend',
 '_session_expiry': 0}

我找到了一个解决方法(请参阅下面的答案),但我很好奇为什么这不起作用。

从用户源(cookies)加载腌制数据存在安全风险,因此自从这个问题得到解答以来,session_data 格式已更改(我应该跟踪 Django 错误跟踪器中的特定问题并将其链接到此处,但我的番茄钟休息时间消失了)。

现在的格式(自 Django 1.4 起)是“hash:json-object”,其中前 40 字节哈希是加密签名,其余是 JSON 有效负载。现在您可以忽略哈希值(它允许检查数据是否未被某些 cookie 黑客篡改)。

>>> json.loads(session_data.decode('base64')[41:])
{u'_auth_user_backend': u'django.contrib.auth.backends.ModelBackend',
 u'_auth_user_id': 1}

NOTE: format changed since original answer, for 1.4 and above see the update below

import pickle

data = pickle.loads(base64.decode(session_data))

>>> print data
{'_auth_user_id': 2L, '_auth_user_backend': 'django.contrib.auth.backends.ModelBackend',
 '_session_expiry': 0}

[update]

My base64.decode requires filename arguments, so then I tried base64.b64decode, but this returned "IndexError: list assignment index out of range".

I really don't know why I used the base64 module, I guess because the question featured it.

You can just use the str.decode method:

>>> pickle.loads(session_data.decode('base64'))
{'_auth_user_id': 2L, '_auth_user_backend': 'django.contrib.auth.backends.ModelBackend',
 '_session_expiry': 0}

I found a work-around (see answer below), but I am curious why this doesn't work.

Loading pickled data from user sources (cookies) is a security risk, so the session_data format was changed since this question was answered (I should go after the specific issue in Django's bug tracker and link it here, but my pomodoro break is gone).

The format now (since Django 1.4) is "hash:json-object" where the first 40 byte hash is a crypto-signature and the rest is a JSON payload. For now you can ignore the hash (it allows checking if the data was not tampered by some cookie hacker).

>>> json.loads(session_data.decode('base64')[41:])
{u'_auth_user_backend': u'django.contrib.auth.backends.ModelBackend',
 u'_auth_user_id': 1}
回复 原文
心在旅行 2024-10-07 14:11:08

如果您想了解更多信息并了解编码或解码是如何工作的,这里有一些相关代码。
顺便说一句,我使用的 Django 版本是 1.9.4。

django/contrib/sessions/backends/base.py

class SessionBase(object):
    def _hash(self, value):
        key_salt = "django.contrib.sessions" + self.__class__.__name__
        return salted_hmac(key_salt, value).hexdigest()
    def encode(self, session_dict):
        "Returns the given session dictionary serialized and encoded as a string."
        serialized = self.serializer().dumps(session_dict)
        hash = self._hash(serialized)
        return base64.b64encode(hash.encode() + b":" + serialized).decode('ascii')
    def decode(self, session_data):
        encoded_data = base64.b64decode(force_bytes(session_data))
        try:
            # could produce ValueError if there is no ':'
            hash, serialized = encoded_data.split(b':', 1)
            expected_hash = self._hash(serialized)
            if not constant_time_compare(hash.decode(), expected_hash):
                raise SuspiciousSession("Session data corrupted")
            else:
                return self.serializer().loads(serialized)
        except Exception as e:
            # ValueError, SuspiciousOperation, unpickling exceptions. If any of
            # these happen, just return an empty dictionary (an empty session).
            if isinstance(e, SuspiciousOperation):
                logger = logging.getLogger('django.security.%s' %
                        e.__class__.__name__)
                logger.warning(force_text(e))
            return {}

django/contrib/sessions/serializer.py

class JSONSerializer(object):
    """
    Simple wrapper around json to be used in signing.dumps and
    signing.loads.
    """
    def dumps(self, obj):
        return json.dumps(obj, separators=(',', ':')).encode('latin-1')
    def loads(self, data):
        return json.loads(data.decode('latin-1'))

让我们重点关注SessionBase的encode函数。

  1. 将会话字典序列化为 json
  2. 创建哈希盐
  3. 将盐添加到序列化会话中,base64 连接

因此,解码是相反的。
我们可以在下面的代码中简化解码函数。

import json
import base64
session_data = 'YTUyYzY1MjUxNzE4MzMxZjNjODFiNjZmZmZmMzhhNmM2NWQzMTllMTp7ImNvdW50Ijo0fQ=='
encoded_data = base64.b64decode(session_data)
hash, serialized = encoded_data.split(b':', 1)
json.loads(serialized.decode('latin-1'))

这就是 session.get_decoded() 所做的。

If you want to learn more about it and know how does encode or decode work, there are some relevant code.
By the way the version of Django that i use is 1.9.4.

django/contrib/sessions/backends/base.py

class SessionBase(object):
    def _hash(self, value):
        key_salt = "django.contrib.sessions" + self.__class__.__name__
        return salted_hmac(key_salt, value).hexdigest()
    def encode(self, session_dict):
        "Returns the given session dictionary serialized and encoded as a string."
        serialized = self.serializer().dumps(session_dict)
        hash = self._hash(serialized)
        return base64.b64encode(hash.encode() + b":" + serialized).decode('ascii')
    def decode(self, session_data):
        encoded_data = base64.b64decode(force_bytes(session_data))
        try:
            # could produce ValueError if there is no ':'
            hash, serialized = encoded_data.split(b':', 1)
            expected_hash = self._hash(serialized)
            if not constant_time_compare(hash.decode(), expected_hash):
                raise SuspiciousSession("Session data corrupted")
            else:
                return self.serializer().loads(serialized)
        except Exception as e:
            # ValueError, SuspiciousOperation, unpickling exceptions. If any of
            # these happen, just return an empty dictionary (an empty session).
            if isinstance(e, SuspiciousOperation):
                logger = logging.getLogger('django.security.%s' %
                        e.__class__.__name__)
                logger.warning(force_text(e))
            return {}

django/contrib/sessions/serializer.py

class JSONSerializer(object):
    """
    Simple wrapper around json to be used in signing.dumps and
    signing.loads.
    """
    def dumps(self, obj):
        return json.dumps(obj, separators=(',', ':')).encode('latin-1')
    def loads(self, data):
        return json.loads(data.decode('latin-1'))

Let's focus on SessionBase's encode function.

  1. Serialize the session dictionary to a json
  2. create a hash salt
  3. add the salt to serialized session , base64 the concatenation

So, decode is inverse.
We can simplify the decode function in the following code.

import json
import base64
session_data = 'YTUyYzY1MjUxNzE4MzMxZjNjODFiNjZmZmZmMzhhNmM2NWQzMTllMTp7ImNvdW50Ijo0fQ=='
encoded_data = base64.b64decode(session_data)
hash, serialized = encoded_data.split(b':', 1)
json.loads(serialized.decode('latin-1'))

And that what session.get_decoded() did.

回复 原文
故事灯 2024-10-07 14:11:08
from django.conf import settings
from django.contrib.auth.models import User
from django.utils.importlib import import_module        

def get_user_from_sid(session_key):
    django_session_engine = import_module(settings.SESSION_ENGINE)
    session = django_session_engine.SessionStore(session_key)
    uid = session.get('_auth_user_id')
    return User.objects.get(id=uid)

from django.conf import settings
from django.contrib.auth.models import User
from django.utils.importlib import import_module        

def get_user_from_sid(session_key):
    django_session_engine = import_module(settings.SESSION_ENGINE)
    session = django_session_engine.SessionStore(session_key)
    uid = session.get('_auth_user_id')
    return User.objects.get(id=uid)
回复 原文
预谋 2024-10-07 14:11:08

我想使用最新版本的 DJango (2.05) 在纯 Python 中完成此操作。这就是我所做的:

>>> import base64
>>> x = base64.b64decode('OWNkOGQxYjg4NzlkN2ZhOTc2NmU1ODY0NWMzZmQ4YjdhMzM4OTJhNjp7Im51bV92aXNpdHMiOjJ9')
>>> print(x)
b'9cd8d1b8879d7fa9766e58645c3fd8b7a33892a6:{"num_visits":2}'
>>> import json
>>> data = json.loads(x[41:])
>>> print(data)
{'num_visits': 2}

I wanted to do this in pure Python with the latest version of DJango (2.05). This is what I did:

>>> import base64
>>> x = base64.b64decode('OWNkOGQxYjg4NzlkN2ZhOTc2NmU1ODY0NWMzZmQ4YjdhMzM4OTJhNjp7Im51bV92aXNpdHMiOjJ9')
>>> print(x)
b'9cd8d1b8879d7fa9766e58645c3fd8b7a33892a6:{"num_visits":2}'
>>> import json
>>> data = json.loads(x[41:])
>>> print(data)
{'num_visits': 2}
回复 原文
吃颗糖壮壮胆 2024-10-07 14:11:08

我只需要在 Django 安装上解决类似的问题。我知道用户的 ID (36),并且想要删除该特定用户的会话数据。我想将此代码作为原型来构建,以便在会话数据中查找用户:

from django.contrib.sessions.models import Session

TARGET_USER = 36  # edit this to match  target user.

TARGET_USER = str(TARGET_USER)  # type found to be a string

for session in Session.objects.all():
    raw_session= session.get_decoded()
    uid = session.get_decoded().get('_auth_user_id')
    if uid == TARGET_USER:  # this could be a list also if multiple users
        print(session)
        # session.delete()  # uncomment to delete session data associated with the user

希望这对任何人都有帮助。

I just had to solve something like this on a Django install. I knew the ID (36) of the user and wanted to delete the session data for that specific user. I wanted to put this code out as a prototype to build from for finding a user in session data:

from django.contrib.sessions.models import Session

TARGET_USER = 36  # edit this to match  target user.

TARGET_USER = str(TARGET_USER)  # type found to be a string

for session in Session.objects.all():
    raw_session= session.get_decoded()
    uid = session.get_decoded().get('_auth_user_id')
    if uid == TARGET_USER:  # this could be a list also if multiple users
        print(session)
        # session.delete()  # uncomment to delete session data associated with the user

Hope this helps anyone out there.

回复 原文
~没有更多了~

关于作者

北音执念

暂无简介

0 文章
0 评论
24 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

胡图图

文章 0 评论 0

zt006

文章 0 评论 0

z祗昰~

文章 0 评论 0

冰葑

文章 0 评论 0

野の

文章 0 评论 0

天空

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文