【Question title】: Basic timeout for HTTP Basic Auth
【Posted】: 2014-06-30 04:45:02
【Question description】:

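I am serving a static file that requires a basic login and password to view. Right now I'm just using this snippet: http://flask.pocoo.org/snippets/8/

Right now it just stays active until the browser is closed. I'd like to figure out how to write a simple timeout. Something like "if it has been 5 minutes, kill it and redirect the user back to the index page."

I'm pretty close: it does time out. The only thing is that if the browser window is still open, it remembers the redirect. Any suggestions on how to handle that last part? A cookie? Clearing the session? Something else?

Thanks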

import datetime
from functools import wraps

from flask import Response, redirect, request, session, url_for

def check_auth(username, password):
  # This function is called to check if a username / password combination is valid.
  return username == 'oneshot' and password == 'private'

def authenticate():
  # Sends a 401 response that enables basic auth
  return Response(
    'Could not verify your access level for that URL.\n'
    'You have to login with proper credentials', 401,
    {'WWW-Authenticate': 'Basic realm="Login Required"'})

def requires_auth(f):
  @wraps(f)
  def decorated(*args, **kwargs):

    # The first request stores the start time in the session cookie
    start_time = session.get('session_time', None)

    if start_time is None:
      start_time = datetime.datetime.now()
      session['session_time'] = start_time

    elapsed = datetime.datetime.now() - start_time

    # After 60 seconds, redirect to the index page
    # (session_time is never reset, so every later request redirects too)
    if datetime.timedelta(0, 60, 0) < elapsed:
      return redirect(url_for('index'))

    auth = request.authorization
    if not auth or not check_auth(auth.username, auth.password):
      return authenticate()

    return f(*args, **kwargs)

  return decorated

【Question discussion】:

    Tags: python session redirect flask basic-authentication


    【Solution 1】:

    Here is what I ended up doing:

    import datetime
    from functools import wraps

    from flask import redirect, render_template, request, session, url_for

    # `app` is the Flask application object, created elsewhere with a
    # secret_key and USERNAME / PASSWORD entries in its config.

    def login_required(test):
      @wraps(test)
      def wrap(*args, **kwargs):
        if 'logged_in' in session:

          # session_time is None on the first request after login
          start_time = session.get('session_time', None)

          # get the current time and set it as start time; this is also your session timer start
          if start_time is None:
            start_time = datetime.datetime.now()
            session['session_time'] = start_time

          # make an end time 1 minute after the start time
          end_time = start_time + datetime.timedelta(minutes=1)

          # once the end time has passed, clear the session and send the user to /expired
          if datetime.datetime.now() > end_time:
            session.clear()
            return redirect(url_for('expired', next=request.url))

          return test(*args, **kwargs)
        else:

          return redirect(url_for('login', next=request.url))
      return wrap


    @app.route('/login', methods=['GET', 'POST'])
    def login():
      error = None
      if request.method == 'POST':
        if request.form['username'] != app.config['USERNAME']:
          error = 'Invalid username'
        elif request.form['password'] != app.config['PASSWORD']:
          error = 'Invalid password'
        else:
          session['logged_in'] = True
          return redirect(url_for('media'))
      return render_template('login.html', error=error)

    @app.route('/expired')
    def expired():
      session.clear()
      return render_template('expired.html')
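
An added example, not part of the question or the answer above: the same timeout check written against any mutable mapping (such as `flask.session`), storing epoch seconds and clearing the state on expiry so that the next request is sent to login instead of being treated as expired again. The function names, the 60-second idle limit and the callables passed to `session_required` are assumptions made for illustration; the 5-minute limit is the one from the question.

```python
import time
from functools import wraps

ABSOLUTE_LIMIT = 5 * 60  # seconds allowed since login (the question's 5 minutes)
IDLE_LIMIT = 60          # seconds allowed between requests (assumed value)

def start_session(session, now=None):
    """Call after a successful login; drops any state left from an earlier session."""
    now = time.time() if now is None else now
    session.clear()
    session.update(logged_in=True, login_at=now, last_seen=now)

def check_session(session, now=None):
    """Return 'ok', 'login' or 'expired'; an expired session is cleared."""
    now = time.time() if now is None else now
    if not session.get('logged_in'):
        return 'login'
    login_at, last_seen = session.get('login_at'), session.get('last_seen')
    # Fail closed: missing or non-numeric timestamps count as expired.
    valid = all(isinstance(t, (int, float)) for t in (login_at, last_seen))
    if (not valid or now - login_at > ABSOLUTE_LIMIT
            or now - last_seen > IDLE_LIMIT):
        session.clear()
        return 'expired'
    session['last_seen'] = now  # sliding window for the idle limit
    return 'ok'

def session_required(session, on_login, on_expired):
    """Decorator factory; with Flask, pass flask.session and two redirect callables."""
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            state = check_session(session)
            if state == 'login':
                return on_login()
            if state == 'expired':
                return on_expired()
            return view(*args, **kwargs)
        return wrapper
    return decorator
```
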
    
