如何使用 Beaker 将值保存到 Pyramid 中基于匿名 cookie 的会话
我有一个使用 Beaker 加密 cookie 会话的 Pyramid 应用程序。我可以使用RequestWithUserAttribute、pyramid.security.authenticated_userid()、remember() 和forget() 来登录用户。
然而,大多数用户永远不会登录,并且我想将一个特定值保存在用户给出的站点(他们的位置或任何与此相关的字符串)中(如果可能的话进行加密) )。
我无法发现如何使用 Remember() 函数设置会话的主体,并且我不想发送自己的 Set-Cookie 标头,更不用说自己处理数据加密了。
我发现您可以将关键字参数传递给 Remember():
remember(request, principal, *kw)
但是当我尝试发送任何额外的值时,我不断遇到错误。
理想情况下,我期望这样的事情:
remember(request, 'public', {'location':request.params.get('location')})
这是否是正确的路线?
I have a Pyramid application using Beaker Encrypted cookie sessions. I can log a user in using a RequestWithUserAttribute, pyramid.security.authenticated_userid(), remember() and forget() just fine.
However, the majority of users will never log in, and there is a specific value I'd like to save in a cookie (encrypted if at all possible) that the user has given then site (their location, or any string for that matter).
I cannot discover how to set more than the principal for a session using the remember() function, and I'd prefer not to send my own Set-Cookie headers, let alone deal with the encryption of the data myself.
I have found that you can pass keyword arguments to remember():
remember(request, principal, *kw)
But when I try to send any extra values I continuously run into an error.
Ideally I would expect something like this:
remember(request, 'public', {'location':request.params.get('location')})
Is this even the correct route?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Pyramid 中的会话和身份验证(一般情况下)是不相交的概念。有很多人学习如何存储经过身份验证的用户“处于会话中”,但这绝不是一个要求。会话的目的是为站点访问者跨请求存储任意数据。这可能是因为他们已登录,也可能是您的随机字符串。
关键是你可以在会话中存储随机的东西。它可以在 Pyramid 中通过
request.session直接在请求对象上使用(在配置器上设置 session_factory 之后)。这不需要您使用身份验证、记住/忘记或会话工厂以外的任何内容。
https://docs.pylonsproject.org/projects/ Pyramid/en/1.2-branch/narr/sessions.html
Sessions and Authentication in Pyramid (and in general) are disjoint concepts. There are a lot of people who learn the way to store the authenticated user "is in a session", but in no way is this a requirement. The point of a session is to store arbitrary data for a visitor to your site across requests. That could be the fact that they are logged in or it could be your random strings.
The point is you can store random stuff in the session. It is available in Pyramid (after you've setup the session_factory on the Configurator) directly on the request object via
request.session.This does not require you to use authentication, remember/forget, or anything other than a session factory.
https://docs.pylonsproject.org/projects/pyramid/en/1.2-branch/narr/sessions.html