Pour une raison quelconque après la connexion, chaque requête POST après le cookie de session Twisted change. Pourquoi cela arrive-t-il? Je m'attendrais à ce que la session soit identique jusqu'à ce que la connexion soit perdue ou que l'utilisateur se déconnecte.Le cookie de session modifié change pour chaque requête
Voici mon code qui provoque la session d'être différent pour chaque demande:
from twisted.web.server import Site, http
from twisted.internet import reactor
from twisted.web.resource import Resource
import json
class HttpResource(Resource):
isLeaf = True
def render_OPTIONS(self, request):
request.setHeader('Access-Control-Allow-Origin', '*')
request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
return ""
def render_GET(self, request):
request.setHeader('Access-Control-Allow-Origin', '*')
request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
return "<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"
def render_POST(self, request):
request.setHeader('Access-Control-Allow-Origin', '*')
request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
session_id = request.getSession().uid
print "HttpResource session ID: {}".format(session_id)
class LoginResource(Resource):
isLeaf = True
def render_OPTIONS(self, request):
request.setHeader('Access-Control-Allow-Origin', '*')
request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
return ""
def render_GET(self, request):
request.setHeader('Access-Control-Allow-Origin', '*')
request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
return "<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"
def render_POST(self, request):
log("Login request")
request.setHeader('Access-Control-Allow-Origin', '*')
request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
req = request.content.read()
session_id = request.getSession().uid
try:
jsQ = json.loads(req)
except Exception as e:
return e
# User credentials
username = jsQ['username']
password = jsQ['password']
# Authenticate the User
if username == 'test' and password == 'test':
# Create a new session
print "Login session ID: {}".format(session_id)
else:
request.setResponseCode(401)
return "Invalid username or password"
class RefreshResource(Resource):
isLeaf = True
def render_OPTIONS(self, request):
request.setHeader('Access-Control-Allow-Origin', '*')
request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
return ""
def render_GET(self, request):
request.setHeader('Access-Control-Allow-Origin', '*')
request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
return "<html><body style='margin: 0; overflow: hidden;'><iframe style='width: 100%; height: 100%; border: none;' src='http://tsa-graphiql.herokuapp.com/'></iframe></body></html>"
def render_POST(self, request):
request.setHeader('Access-Control-Allow-Origin', '*')
request.setHeader('Access-Control-Allow-Headers', 'Origin, Accept, content-type, authorization')
print "Refresh session ID: {}".format(request.getSession().uid)
class HttpFactory(Site):
def __init__(self, resource):
http.HTTPFactory.__init__(self)
self.resource = resource
self.sessions = {}
self.user_info = {}
if __name__ == '__main__':
root = Resource()
root.putChild("", HttpResource())
root.putChild("login", LoginResource())
root.putChild("refresh", RefreshResource())
site = HttpFactory(root)
reactor.listenTCP(8000, site)
reactor.run()
D'accord, je vois. Ainsi, si le code tordu place le cookie dans l'en-tête, l'interface utilisateur doit envoyer ce cookie à chaque requête jusqu'à la fin de la session. Merci pour l'explication Jean! – Brian