ItsDangerous securely signs data to ensure its integrity. This is used to protect Flask’s session cookie. • Click is a framework for writing command line applications. It provides the flask command and Cookies To access cookies you can use the cookies attribute. To set cookies you can use the set_cookie method of response objects. The cookies attribute of request objects is a dictionary with all the get a # KeyError if the cookie is missing. Storing cookies: from flask import make_response @app.route('/') def index(): resp = make_response(render_template(...)) resp.set_cookie('username', 'the username')

com/p/itsdangerous/] securely signs data to ensure its integrity. This is used to protect Flask’s session cookie. Click [https://palletsprojects.com/p/click/] is a framework for writing command line applications Cookies To access cookies you can use the cookies attribute. To set cookies you can use the set_cookie method of response objects. The cookies attribute of request objects is a dictionary with all the # KeyError if the cookie is missing. Storing cookies: from flask import make_response @app.route('/') def index(): resp = make_response(render_template(...)) resp.set_cookie('username', 'the username')

SHA512 • HMAC with SHA • base64 DEMO itsdangerous 3 History • Flask 0.10: Changed default cookie serialization format from pickle to JSON to limit the impact an attacker can do if the secret itsdangerous to dependencies WHAT IS itsdangerous e.g. session koajs expressjs Cookie: session=xxx Cookie: session.sig=xxx session.sig = Sign(session, secret) self-made Json Web Signature

Created.') flash() 函数在内部会把消息存储到 Flask 提供的 session 对象 里。 session 用来在请求间存储数据，它会把数据签名后存储到浏览器的 Cookie 中，所以我们需要设置签名所需的密钥： app.config['SECRET_KEY'] = 'dev' # 等同于 app.secret_key = 'dev' 第 7 章：表单 64