Flask-Login 0.1 发布

发布时间:2011-07-04 00:40:41, 关注:+6151, 赞美:+6, 不爽:+6

原始出处: LeafStorm

I am proud to announce the release of Flask-Login 0.1. It provides user session management for Flask.

Basically, it handles logging in, logging out, remembering your users, and attempting to protect them from cookie thieves. (That last is especially tricky.) I patterned most of the API design after django.contrib.auth, but it is not tied to any database or permissions system.

Securely storing session data

One idea that I had for Flask-Login that I decided not to implement in the first release was rotating “Remember Me” tokens. The concept behind that is instead of having a single “Remember Me” token that lasts for all time (unless your cookie expires), a unique token is generated for each user session. When a user logs in and “redeems” their token, a the old token is deleted and a new one is generated.

The reason I decided not to implement it is because I would basically have to implement a complete storage system for the tokens, which would be a lot of work for just one extension. So, one idea that I may pursue in the future is “Flask-KVStore”: a generic interface to key/value stores for session data. (“Session data” is defined as any data that is (a) transient, (b) shouldn’t be stored on the client, and (c) somewhat expendable.)

It would be a bit more structured than just a key/value store, though. Instead of just stashing the data in the store, one would obtain a “collection” (for example, remember_tokens) and stash the data as keys within the collection. (The ideal backend for this would be Redis, but the whole purpose of having an abstration is so that if you don’t have Redis or whatever available, you can still use it.)

Anyway, that is mostly just brainstorming, and probably quite a ways off. (Still, if you think that is a good idea, let me know.)

如果你觉得本站对你有帮助,欢迎向本站赞助 :P


Copyright© Python4cn(news, jobs) simple-is-better.com, 技术驱动:powered by web.py 空间主机:Webfaction

版权申明:文章转载已注明出处,如有疑问请来信咨询。本站为 python 语言推广公益网站,与 python 官方没有任何关系。

联系/投搞/留言: en.simple.is.better@gmail.com 向本站捐赠