Session and cookies in python

A session is a data structure saved on the server side, which is used to track the status of users. This data can be saved in clusters, databases, and files. A cookie is a mechanism for clients to save user data, and it is also a way to implement sessions. This article introduces how to manage sessions and cookies in the Python Flask framework.

1.1 What is Session.

Because HTTP protocol is a stateless protocol, when the web server needs to record the user’s status, it needs to use some mechanism to identify the specific user. This mechanism is the so-called Session. In a typical scenario, such as a shopping cart, when someone clicks the order button to put a book into the shopping cart, because the HTTP protocol is stateless, you don’t know which user operates it. Therefore, the server needs to create a specific session for the user to identify and track it. Only in this way can you know how many books are there in the shopping cart. This session is saved on the server-side and has a unique session ID.


How does the server identify a specific client user? This is when cookies come to the stage. Each time when a client sends an HTTP request to the web server, it will send the corresponding cookie information to the server. Most applications use cookies to implement session tracking. When creating a session for the first time, the server will tell the client that it needs to record a session ID in the cookie, and later the client will send the session ID to the server for each HTTP request, then the web server can know which client sends the request for each time.

The session mechanism in Flask is to encrypt the sensitive data and put it into a session, then save the session into a cookie. When the client makes an HTTP request for the next time, the session data is directly obtained from the cookie sent by the web browser, and then Flask program can decrypt the original session data from it. This operation saves more server overhead because the data is stored in the client.

You may worry about the security of this method because all the data is stored in the local browser, which is easy to be stolen, but the security is always relative, and Flask also has its own special encryption algorithm for Session, so you don’t have to pay too much attention to the security.
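
Flask's default session cookie is signed with SECRET_KEY, so a client cannot alter it undetected, but the payload itself is only encoded and can be read by whoever holds the cookie. The following added example (not from the original article) models that design with the standard library; the `payload.tag` layout, the key and the function names are simplified assumptions, not Flask's own serializer.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # constructed value for this example


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(payload: str, key: bytes) -> str:
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())


def issue_cookie(session: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize the session and append an HMAC tag: '<payload>.<tag>'."""
    payload = _b64(json.dumps(session, sort_keys=True).encode())
    return f"{payload}.{_tag(payload, key)}"


def read_without_key(cookie: str) -> dict:
    """What anyone holding the cookie can do: decode the payload, no key needed."""
    return json.loads(_unb64(cookie.split(".")[0]))


def server_load(cookie: str, key: bytes = SECRET_KEY):
    """What the server does: verify the tag first, only then trust the payload."""
    payload, _, tag = cookie.partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(payload, key).encode()):
        return None  # payload was modified, or signed with a different key
    return json.loads(_unb64(payload))


def tamper(cookie: str, **changes) -> str:
    """Rewrite the payload but keep the old tag, as a client without the key would."""
    data = read_without_key(cookie)
    data.update(changes)
    new_payload = _b64(json.dumps(data, sort_keys=True).encode())
    return new_payload + "." + cookie.split(".")[1]
```

Two consequences for the application: keep secrets out of the session dictionary, and treat SECRET_KEY as the only thing that stops a client from forging a session.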

2.1 Flask Session Management.

```python
from flask import session
```

```python
import os
import binascii

# Generate 24 random bytes.
secret_key_value = os.urandom(24)
# Create the hex-encoded value.
secret_key_value_hex_encoded = binascii.hexlify(secret_key_value)
# Set the SECRET_KEY value in the Flask application configuration settings.
app.config['SECRET_KEY'] = secret_key_value_hex_encoded
```

```python
# Read session data: get() returns None for a missing key, indexing raises KeyError.
session.get('email')
session['email']
```

```python
from datetime import timedelta

# Set PERMANENT_SESSION_LIFETIME in the config.py file.
# Its value is a datetime.timedelta object.
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=7)
session.permanent = True
```

```python
# Remove one session value (use either form).
session.pop('username')
# del session['username']

# Remove all session data.
session.clear()
```

  1. Set cookie. The default cookie is a temporary cookie, which becomes invalid when the browser is closed. Set the cookie's max_age value to give it a validity period in seconds.

```python
# Build the HTTP response.
resp = make_response("success")
# Set a cookie on the response object. The cookie name is cookie_name,
# the cookie value is cookie_value, and it expires in 3600 seconds.
resp.set_cookie("cookie_name", "cookie_value", max_age=3600)
```

```python
# Get request cookies.
cookies = request.cookies
# Get cookie value by cookie name.
cookie_value = cookies.get("cookie_name")
```

```python
# Build the HTTP response.
resp = make_response("del success")
# Invoke delete_cookie() to delete a cookie by cookie name.
resp.delete_cookie("cookie_name")
```

```python
# Import Flask, make_response and request.
from flask import Flask, make_response, request
from markupsafe import escape

app = Flask(__name__)


# Add /set_cookie url route.
@app.route("/set_cookie")
def set_cookie():
    resp = make_response("success")
    # By default a cookie is temporary and expires when the web browser closes.
    resp.set_cookie("cookie_name_1", "cookie_value_1")
    resp.set_cookie("cookie_name_2", "cookie_value_2")
    # Set the cookie expiration time to 3600 seconds through the max_age attribute.
    resp.set_cookie("cookie_name_3", "cookie_value_3", max_age=3600)
    return resp


# Add /get_cookie url route.
@app.route("/get_cookie")
def get_cookie():
    # request.cookies behaves like a dictionary; get() returns None if the cookie is absent.
    cookie_value = request.cookies.get("cookie_name_1")
    if cookie_value is None:
        return "cookie not set"
    # The value comes from the client, so escape it before returning it as HTML.
    return escape(cookie_value)


# Add /delete_cookie url route.
@app.route("/delete_cookie")
def delete_cookie():
    # delete_cookie() only makes the cookie expire; it does not erase it from the browser.
    resp = make_response("del success")
    resp.delete_cookie("cookie_name_1")
    return resp


if __name__ == '__main__':
    # debug=True is for local development only.
    app.run(debug=True)
```


Session and cookies in python


Recently, I was challenged to do bulk submits through an authenticated form. The website required a login. While there are plenty of examples of how to use POST and GET in Python, I want to share with you how I handled the session along with a cookie and authenticity token (CSRF-like protection).

In this post, we cover the crucial techniques needed when scripting web scraping:

  • persistent session usage
  • cookie finding and storing [in session]
  • “auth token” finding, retrieving and submitting in a form
Given

A website with an input form where auth token is present. The auth token (CSRF-like) is different each time the form gets loaded. The website requires a login.

What I want:

I want to submit a lot of similar input data like ‘GE 1’, ‘GE 2’, etc. through that format into my account.

Note: This website is not JS-rendered, so we do not use browser emulation with Selenium WebDriver or similar here.

The main steps necessary to achieve the goal

  1. Get a cookie from a logged-in browser.
  2. Insert cookie into a session (of Python requests library).
  3. Fetch the current form hidden “auth token” (using regex) before each submit.
  4. Use that unique “auth token” for each POST request inside the session.
1. Getting a cookie value from the browser

We get the cookie value(s) using the web developer tools (F12 in most browsers). Look at the following picture (a picture is better than 1000 words):

[Figure: finding the cookie value]

2. Adding the cookie into a session object

First, we save the cookie(s) into a *.cookie file on disk using the pickle module.

```python
## One time cookie saving into a file
import pickle
from urllib.parse import urlparse

URL = 'http://www.excellentbeliever.com/'
urlData = urlparse(URL)
cookieFile = urlData.netloc + '.cookie'
# Placeholder: the cookie name and value copied from the browser.
cookie1 = {'<cookie name>': '<cookie value>'}
with open(cookieFile, 'wb') as fp:
    pickle.dump(cookie1, fp)
```

Second, every time we start the session, we load the file into the session object. All cookies are thus joined into the session.

```python
with open(cookieFile, 'rb') as f:
    print("Loading cookies. ")
    session.cookies.update(pickle.load(f))
```
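
pickle.load() runs whatever the file instructs while deserializing, so a cookie file that another user or process can write turns into code execution inside the script. An added example, not part of the original post, that stores the same name/value pairs as JSON with owner-only permissions; the function names and the sample cookie are assumptions.

```python
import json
import os
import tempfile


def save_cookies(cookies: dict, path: str) -> None:
    """Write name -> value pairs as JSON, readable by the owner only (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(cookies, f)


def load_cookies(path: str) -> dict:
    """Parse the file as data only and reject anything but flat string pairs."""
    with open(path, encoding="utf-8") as f:
        data = json.load(f)
    if not isinstance(data, dict) or not all(
        isinstance(k, str) and isinstance(v, str) for k, v in data.items()
    ):
        raise ValueError("cookie file must be a JSON object of strings")
    return data


def demo() -> dict:
    """Round-trip a constructed cookie through a temporary file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example.test.cookie")
        save_cookies({"_session_id": "constructed-value"}, path)
        mode = os.stat(path).st_mode & 0o777
        return {"cookies": load_cookies(path), "mode": oct(mode)}


# With requests (not imported here):
#   session.cookies.update(load_cookies(cookieFile))
#   save_cookies(session.cookies.get_dict(), cookieFile)
```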

After we have loaded the cookie, we start scripting.

Main operations inside a loop

Inside the loop, over the input values, we do the following:

Visit the page with the form and fetch the “auth token”

How to identify a form's hidden field value? See the figure below:

[Figure: getting the form's hidden field]

The code to extract the form's hidden input by regex:

```python
import re
from urllib.parse import urljoin

regex_auth = r'(?:name="authenticity_token")\s+value="(.*?)"'
page = session.get(urljoin(URL, '/dashboard?prediction=false'))
matches = re.findall(regex_auth, page.text, re.MULTILINE)
auth_token = matches[0]
```
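Make a POST request to submit data

```python
pattern = 'GE '
# Field names inferred from the token regex and from post_data["fragment"]
# in the full script; i is the loop counter.
post_data = {'authenticity_token': auth_token, 'fragment': pattern + str(i)}
post_URL = urljoin(URL, '/readings')
page = session.post(post_URL, data=post_data)
```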
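
The regex used for the token only matches when `name` comes directly before `value` and both are double-quoted, and it fails silently into an IndexError when the session has expired and the login page is returned instead. An added example (not from the original post) that reads the hidden field with the standard-library HTML parser; the class and function names and the sample markup are constructed.

```python
from html.parser import HTMLParser


class HiddenInputParser(HTMLParser):
    """Collect name -> value for every <input type="hidden"> in a page."""

    def __init__(self):
        super().__init__()
        self.hidden = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if (a.get("type") or "").lower() == "hidden" and a.get("name"):
            # Attribute values arrive already entity-decoded.
            self.hidden[a["name"]] = a.get("value") or ""


def extract_token(html: str, field: str = "authenticity_token") -> str:
    """Return the hidden field's value, or raise if the form is not on the page."""
    parser = HiddenInputParser()
    parser.feed(html)
    parser.close()
    if field not in parser.hidden:
        raise LookupError(f"no hidden input named {field!r}; session may have expired")
    return parser.hidden[field]


# Constructed sample markup: the same field in two attribute orders,
# and a login page that carries no token at all.
SAMPLE_A = '<form><input type="hidden" name="authenticity_token" value="tok+A/1=="></form>'
SAMPLE_B = "<form><input value='tok&amp;B' type='hidden' name='authenticity_token' /></form>"
SAMPLE_LOGIN = '<form action="/users/sign_in"><input name="email"></form>'
```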

The whole code

```python
import os, re
import pickle, requests
from urllib.parse import urljoin, urlparse

# init vars
URL = 'http://www.excellentbeliever.com/'
regex_auth = r'(?:name="authenticity_token")\s+value="(.*?)"'
urlData = urlparse(URL)
cookieFile = urlData.netloc + '.cookie'
# Placeholder: names of the cookies to persist between runs.
persistentCookieNames = ['<cookie name>']

## One time cookie saving into a file
##cookie1=
##with open(cookieFile, 'wb') as fp:
##    pickle.dump(cookie1, fp)
##print ('cookieFile:', cookieFile)

login = 'xxx'
password = 'xxx'
signinUrl = urljoin(URL, "users/sign_in")  # http://www.excellentbeliever.com/users/sign_in

with requests.Session() as session:
    try:
        with open(cookieFile, 'rb') as f:
            print("Loading cookies. ")
            session.cookies.update(pickle.load(f))
    except Exception:
        # If the cookies could not be loaded from the file, get new ones by logging in
        print("Login in. ")
        post = session.post(signinUrl, data={'email': login, 'password': password})
        try:
            with open(cookieFile, 'wb') as f:
                jar = requests.cookies.RequestsCookieJar()
                for cookie in session.cookies:
                    if cookie.name in persistentCookieNames:
                        jar.set_cookie(cookie)
                pickle.dump(jar, f)
        except Exception:
            os.remove(cookieFile)
            raise

    # load headers (set session.headers here if the site needs specific request headers)
    page = session.get(URL)
    print('url:', URL)
    print('status code:', page.status_code)
    login_marker = 'Igor Savinkin'
    if login_marker in page.text:
        print(login_marker, 'is logged in.')
    print("Session cookies:", session.cookies)

    pattern = 'GE '
    max_num = 26
    for i in range(26, max_num + 1):
        # get the auth token from authenticated form
        print('Get the token authenticated form')
        page = session.get(urljoin(URL, '/dashboard?prediction=false'))
        print('Page with form status code:', page.status_code)
        matches = re.findall(regex_auth, page.text, re.MULTILINE)
        if matches:
            auth_token = matches[0]
            print('Form auth token:', auth_token)
            # Field names inferred from the token regex and the "fragment" lookup below.
            post_data = {'authenticity_token': auth_token, 'fragment': pattern + str(i)}
            post_URL = urljoin(URL, '/readings')
        else:
            exit('Smth went wrong.')
        # send a post
        page = session.post(post_URL, data=post_data)
        print('POST submit status code:', page.status_code)
        if 'Successfully' in page.text:
            print('Form with "' + post_data["fragment"] + '" has been successfully submitted.')
```


How to work with cookies and sessions in Python

Learn the basics of working with cookies and sessions in Python, with code examples for the Flask library and the Django framework.


In this article we look at how to work with cookies and sessions in Python. Cookies and sessions are important elements used to preserve state information between a user's requests in a web application.

What are cookies?

Cookies are small data files that are stored on the user's computer and sent between the browser and the server with every request. They are used to store user preferences, identify users, track session state, and for other purposes.

An example of using cookies in Python with the http.cookies library:

```python
from http.cookies import SimpleCookie

cookie = SimpleCookie()
cookie["username"] = "JohnDoe"
cookie["username"]["path"] = "/"
cookie["username"]["max-age"] = 3600
print(cookie)
```
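
The cookie built above carries no Secure, HttpOnly or SameSite attribute. An added example, not from the original article, that uses the same http.cookies module to report which of those attributes a Set-Cookie value lacks and to build a cookie that sets all three; the function names are assumptions.

```python
from http.cookies import SimpleCookie


def missing_protections(set_cookie_value: str) -> dict:
    """Map each cookie name in a Set-Cookie value to the attributes it lacks."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    report = {}
    for name, morsel in jar.items():
        missing = []
        if not morsel["secure"]:        # sent over plain HTTP as well
            missing.append("Secure")
        if not morsel["httponly"]:      # readable from page JavaScript
            missing.append("HttpOnly")
        # An absent SameSite or SameSite=None offers no cross-site restriction.
        if morsel["samesite"].lower() not in ("lax", "strict"):
            missing.append("SameSite")
        report[name] = missing
    return report


def hardened_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Build a Set-Cookie value with all three attributes set."""
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = "/"
    cookie[name]["max-age"] = max_age
    cookie[name]["secure"] = True
    cookie[name]["httponly"] = True
    cookie[name]["samesite"] = "Lax"
    return cookie[name].OutputString()


# The header value produced by the article's snippet.
ARTICLE_COOKIE = "username=JohnDoe; Max-Age=3600; Path=/"
```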

What are sessions?

Sessions are a way of storing information about a user's state between requests. Instead of storing data directly in cookies, sessions use a session identifier, which is stored in a cookie and linked to data on the server.

To work with sessions in Python you can use the Flask library, which provides a convenient interface for working with sessions:

```python
from flask import Flask, session

app = Flask(__name__)
# Demo value; outside of examples, load a long random key from configuration.
app.secret_key = "my_secret_key"


@app.route("/set_session")
def set_session():
    session["username"] = "JohnDoe"
    return "Session data set"


@app.route("/get_session")
def get_session():
    if "username" in session:
        return session["username"]
    else:
        return "No session data"
```

How to work with cookies and sessions in Django?

Django is a popular framework for developing web applications in Python. It provides built-in support for cookies and sessions. To work with cookies in Django, use the HttpResponse object:

```python
from django.http import HttpResponse


def set_cookie(request):
    response = HttpResponse("Cookie set")
    response.set_cookie("username", "JohnDoe")
    return response
```

To work with sessions in Django, use the request.session object:

```python
from django.http import HttpResponse


def set_session(request):
    request.session["username"] = "JohnDoe"
    return HttpResponse("Session data set")


def get_session(request):
    if "username" in request.session:
        return HttpResponse(request.session["username"])
    else:
        return HttpResponse("No session data")
```

Now you know the basics of working with cookies and sessions in Python. Keep studying this topic to become an even more experienced developer! 😉
