The way I authenticate my users in AppEngine with Google accounts is simply great.
But I need to use my own custom authentication login system.
I will have an AppUsers table holding usernames and encrypted passwords.
I have read a bit about sessions on GAE, but I need help getting my application's security started.
How do I keep track of authenticated user sessions? Set a cookie?
Beginner here.
Best Answer
You can do it with cookies... it really isn't that hard. Use a cookie to track the user's authentication and store the session key in the GAE datastore.
Here is an example (it only shows the basic idea; the code is not guaranteed to work as-is):
Basic user table:
# simply add a property to store the session key
from google.appengine.ext import db

class User(db.Model):
    username = db.StringProperty()
    password = db.StringProperty()
    session = db.StringProperty()
Login function
# Do the following steps:
# 1. make sure the user provided the correct username and password
# 2. generate a random session key
# 3. store the session key in the datastore
# 4. set the session key and user name in cookies
import datetime
from google.appengine.ext import webapp

class LoginAPI(webapp.RequestHandler):
    def get(self):
        username = self.request.get('username')
        password = self.request.get('password')
        user = User.all().filter("username = ", username).get()
        password = encrypted_the_password(password)  # hash the password with your own method (placeholder to implement)
        if user is not None and user.password == password:
            # User logged in successfully
            session = generate_random_session_key()  # generate your session key here (placeholder to implement)
            user.session = session
            user.put()
            expires_time = decide_your_expires_time()  # unix timestamp deciding how long the login session stays alive (placeholder)
            cookie_time_format = "%a, %d-%b-%Y %H:%M:%S GMT"
            # the cookie format says GMT, so build the date in UTC rather than local time
            expires_datetime = datetime.datetime.utcfromtimestamp(expires_time)
            # set the session as cookies
            self.response.headers.add_header("Set-Cookie", "user=%s; expires=%s; path=/" % (user.username, expires_datetime.strftime(cookie_time_format)))
            self.response.headers.add_header("Set-Cookie", "session=%s; expires=%s; path=/" % (user.session, expires_datetime.strftime(cookie_time_format)))
        else:
            # User login failed
            pass
Logout function
# Remove the previous cookie info
class LogoutAPI(webapp.RequestHandler):
    def get(self):
        # remove the cookies by giving them an expiry date in the past
        expired = "Thu, 01-Jan-1970 00:00:00 GMT"
        self.response.headers.add_header("Set-Cookie", "user=; expires=%s; path=/" % expired)
        self.response.headers.add_header("Set-Cookie", "session=; expires=%s; path=/" % expired)
When you need the user to be logged in
# Get the session info from the cookies. If it matches the info stored in the datastore,
# then the user is authenticated.
class SomePage(webapp.RequestHandler):
    def get(self):
        # get cookie info
        username_from_cookie = self.request.cookies.get("user", "")
        session_from_cookie = self.request.cookies.get("session", "")
        if username_from_cookie and session_from_cookie:
            user = User.all().filter("username = ", username_from_cookie).get()
            if user is not None and user.session == session_from_cookie:
                # the user is logged in correctly
                pass
            else:
                # the user is not logged in
                pass
        else:
            # the user is not logged in
            pass
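The answer above leaves the password hashing, session-key generation and expiry handling as placeholders, and its cookies carry no protective attributes. The following is an added example, not code from the original answer or from App Engine, that fills in those pieces the way a defender would: PBKDF2 with a per-user salt instead of the unspecified `encrypted_the_password`, a 256-bit session key from the OS CSPRNG, only a hash of that key kept on the server (so a datastore read alone does not yield usable sessions), constant-time comparisons, an expiry check on every request, `HttpOnly`/`Secure`/`SameSite` on both cookies, and server-side invalidation at logout. The datastore is replaced by a plain dict and the names `USERS`, `register`, `login`, `authenticate`, `logout` and `cookie_header` are this example's own assumptions, so it runs offline.

```python
# Added example (not from the original answer): the same user/session cookie
# design with the hardening a security reviewer would ask for. A dict stands in
# for the datastore; register/login/authenticate/logout are this example's own
# names, not App Engine or webapp APIs.
import hashlib
import hmac
import secrets
import time
from email.utils import formatdate

SESSION_LIFETIME = 3600  # seconds a login stays valid (constructed value)
USERS = {}               # username -> record; stands in for the User model


def hash_password(password, salt, iterations=200_000):
    """PBKDF2-HMAC-SHA256; the per-user salt makes equal passwords hash differently."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        "session_hash": None,   # only a hash of the session key is stored
        "session_expires": 0,   # unix timestamp; 0 means no active session
    }


def cookie_header(name, value, expires_at):
    """Set-Cookie value: unreadable by script, HTTPS-only, not sent on cross-site POSTs."""
    return "%s=%s; Expires=%s; Path=/; HttpOnly; Secure; SameSite=Lax" % (
        name, value, formatdate(expires_at, usegmt=True))


def login(username, password, now=None):
    """Return (set_cookie_headers, session_key) on success, or None on failure."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None:
        # Hash anyway so an unknown username is not distinguishable by response time.
        hash_password(password, b"\x00" * 16)
        return None
    if not hmac.compare_digest(user["pw_hash"], hash_password(password, user["salt"])):
        return None
    session_key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    user["session_hash"] = hashlib.sha256(session_key.encode()).digest()
    user["session_expires"] = now + SESSION_LIFETIME
    headers = [
        ("Set-Cookie", cookie_header("user", username, user["session_expires"])),
        ("Set-Cookie", cookie_header("session", session_key, user["session_expires"])),
    ]
    return headers, session_key


def authenticate(cookies, now=None):
    """Return the username if the cookies carry a valid, unexpired session, else None."""
    now = time.time() if now is None else now
    username = cookies.get("user", "")
    session_key = cookies.get("session", "")
    user = USERS.get(username)
    if not (username and session_key and user and user["session_hash"]):
        return None
    if now >= user["session_expires"]:
        return None  # expired sessions are rejected even if the cookie still exists
    presented = hashlib.sha256(session_key.encode()).digest()
    if not hmac.compare_digest(user["session_hash"], presented):
        return None
    return username


def logout(username):
    """Invalidate server-side too, so a copied cookie stops working immediately."""
    user = USERS.get(username)
    if user is not None:
        user["session_hash"] = None
        user["session_expires"] = 0
    return [
        ("Set-Cookie", cookie_header("user", "", 0)),
        ("Set-Cookie", cookie_header("session", "", 0)),
    ]
```

In a real handler the returned header tuples go through `self.response.headers.add_header`, and `authenticate` is called with `self.request.cookies`. Keeping the expiry on the server record rather than trusting only the cookie's `Expires` matters because the browser-side date is advisory: a client can keep presenting the cookie after it, so the check in `authenticate` is what actually ends the session.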
Regarding java - Google App Engine: custom authentication, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/6711382/