User authentication in tornado websocket application

花落未央 2021-02-04 13:51

Now I am improving my Tornado skills and have a question about user auth.

And my solution is to create a secure token on the first page and then send it with other data, from javascr

2 answers
  •  我在风中等你
    2021-02-04 14:35

    A client can probably make the request headers with a fake user: 'user="ImFkbWxxxx==|xxxxxxxxxx|9d847f58a6897df8912f011f0a784xxxxxxxxxx"'

    I think the following approach is better. If the user does not exist or if the cookie id is not correct or falsified, then the function get_secure_cookie will not return a user.

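    import tornado.websocket

    class WebSocketHandler(tornado.websocket.WebSocketHandler):

        def open(self):
            # None when the cookie is missing, expired or fails signature verification.
            user_id = self.get_secure_cookie("user")
            if not user_id:
                # A bare return leaves the socket open, so close it explicitly.
                self.close(code=1008, reason="unauthenticated")
                return
            ...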
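
Why a fabricated `user` cookie like the one quoted in the answer above yields no user: a standard-library sketch of an HMAC-signed cookie in the same value|timestamp|signature shape. This is an added example, not code from the post and not Tornado's implementation; the function names, the secret and the exact MAC layout are assumptions made for illustration, and a Tornado application should keep using `get_secure_cookie`.

```python
import base64
import hashlib
import hmac
import time

def _signature(secret: bytes, name: str, b64_value: bytes, ts: bytes) -> bytes:
    # Bind cookie name, value and timestamp into one MAC so none can be swapped.
    mac = hmac.new(secret, digestmod=hashlib.sha256)
    for part in (name.encode(), b64_value, ts):
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.hexdigest().encode()

def sign_cookie(secret: bytes, name: str, value: bytes, now=None) -> bytes:
    ts = str(int(time.time() if now is None else now)).encode()
    b64_value = base64.b64encode(value)
    return b"|".join([b64_value, ts, _signature(secret, name, b64_value, ts)])

def verify_cookie(secret, name, cookie, max_age_days=31, now=None):
    """Return the signed value, or None if forged, malformed or stale."""
    parts = cookie.split(b"|")
    if len(parts) != 3:
        return None
    b64_value, ts, sig = parts
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(sig, _signature(secret, name, b64_value, ts)):
        return None
    now = time.time() if now is None else now
    try:
        age = now - int(ts)
        if age > max_age_days * 86400 or age < -86400:
            return None
        return base64.b64decode(b64_value, validate=True)
    except ValueError:
        return None

# Constructed sample data; a real application loads its secret from configuration.
SECRET = b"constructed-demo-secret"
T0 = 1_700_000_000
genuine = sign_cookie(SECRET, "user", b"alice", now=T0)
# A client edits the value but cannot recompute the MAC without the secret.
forged = base64.b64encode(b"admin") + b"|" + genuine.split(b"|", 1)[1]

if __name__ == "__main__":
    print(verify_cookie(SECRET, "user", genuine, now=T0 + 60))
    print(verify_cookie(SECRET, "user", forged, now=T0 + 60))
```
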
    
