会话cookie不会以每次要求发送回服务器
我正在尝试实现一个身份验证系统,其中一部分涉及传递会话cookie,以允许服务器以每次要求验证用户的身份;但是,当在测试案例下注册并尝试访问已验证的端点时,尽管在测试的本地cookiejar中设置了cookie,但它并未出现在服务器的请求标题中。
服务器仅设置到期日期,在此处创建cookie。
headers={
"set-cookie": [{
"name": "__session",
"value": user_obj.serialize_session(),
"expires": cookie_expiry(user_obj.expires_at()),
}]
}
并且测试案例
session = requests.Session()
def register(username, password):
return session.post(
f"{HOST}/api/auth/register",
...
)
def create_invoice(education, desc, budget, deadline, files):
return session.post(
f"{HOST}/api/invoice/create",
...
)
username, password = ...
account = register(username, password)
req = create_invoice(
...
)
# {"status": "error", "reason": "you must be authenticated to use this endpoint"}
在客户端非常简单,cookie似乎在register响应上有效:
'set-cookie':'__session =“ ...”; expires = fri,22-apr-2022 02:47:46 GMT'
但是,服务器端的请求出现,没有任何cookie 标头:
Host: www.example.local:8443
User-Agent: python-requests/2.27.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 112
Content-Type: application/json
我在玩耍时到处都在浏览域和httponly属性,但似乎无效。为什么请求 s会话没有将会话cookie放在请求中?
I'm trying to implement an authentication system, part of which involves passing around a session cookie to allow the server to verify the user's identity on a per-request basis; however, when registering under a test-case and attempting to access an authenticated endpoint, despite the cookie being set in the test's local cookiejar, it does not appear in the request headers to the server.
The server creates the cookie here, by only setting the expiration date.
headers={
"set-cookie": [{
"name": "__session",
"value": user_obj.serialize_session(),
"expires": cookie_expiry(user_obj.expires_at()),
}]
}
And the test-case is very simple
session = requests.Session()
def register(username, password):
return session.post(
f"{HOST}/api/auth/register",
...
)
def create_invoice(education, desc, budget, deadline, files):
return session.post(
f"{HOST}/api/invoice/create",
...
)
username, password = ...
account = register(username, password)
req = create_invoice(
...
)
# {"status": "error", "reason": "you must be authenticated to use this endpoint"}
On the client-side, the cookie appears to be valid on the register response:
'set-cookie': '__session="..."; expires=Fri, 22-Apr-2022 02:47:46 GMT'
But, the request from the server-side appears without any Cookie header:
Host: www.example.local:8443
User-Agent: python-requests/2.27.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 112
Content-Type: application/json
I've looked everywhere in terms of playing around with the Domain and HttpOnly attributes, but nothing appears to work. Is there a certain reason why the requests session isn't putting the session cookie in the request?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论