vik*_*vik 5 flask flask-login flask-security
我正在使用 Flask-Security 来管理用户,并且我收到报告说用户以自己的身份成功登录,但是在他们加载页面时随机地显示他们以完全不同的人身份登录。我不确定我哪里出错了。这可能发生的方式有哪些?
我使用 UserService 来做一些简单的用户管理。我在每个请求之前实例化一个用户服务并传入 current_user。
@app.before_request
def load_request_services():
g.user_service = UserService(user_datastore, application_service, email_service, ORGS, current_user)
然后,我通过此方法获取 UserService 中的当前用户:
def current_user_get_info(self):
返回 {
'用户':self.current_user.email,
'first_name':self.current_user.first_name,
'last_name': self.current_user.last_name,
'phone_number': self.current_user.phone_number,
}
执行此 API 请求代码时会调用此方法:
类 CurrentUser(restful.Resource):
定义获取(自我):
返回 json_response(g.user_service.current_user_get_info())
我发现了这个问题,并在这里发布给可能有同样问题的其他人。
It turns out that the users who were accessing my site were behind a VPN with a proxy. The proxy was caching the pages along with the user's cookies. When one user makes request, the proxy would cache the page along with that user's cookie in the header. On the next user's request, the proxy would serve back the page with the first user's cookie and thus the second user would find himself as someone else.
See here for more info: https://code.google.com/p/doctype-mirror/wiki/ArticleHttpCaching
I solved it by setting the cache-control HTTP header to 'private' so that the proxy will not try to cache it. In Flask, it looks like this:
@app.after_request
def add_header(response):
response.cache_control.private = True
response.cache_control.public = False
return response
| 归档时间: |
|
| 查看次数: |
588 次 |
| 最近记录: |