class BaseHandler(tornado.web.RequestHandler): def get_current_user(self): user_id = self.get_signed_cookie("user") if not user_id: return None return self.backend.get_user_by_id(user_id) def get_user_locale(self): with the set_cookie method: class MainHandler(tornado.web.RequestHandler): def get(self): if not self.get_cookie("mycookie"): self.set_cookie("mycookie", "myvalue") self.write("Your cookie was not set set yet!") else: self.write("Your cookie was set!") Cookies are not secure and can easily be modified by clients. If you need to set cookies to, e.g., identify the cur- rently logged in user, you need

BaseHandler(tornado.web.RequestHandler): def get_current_user(self): user_id = self.get_signed_cookie("user") if not user_id: return Nonereturn self.backend.get_user_by_id(user_id) def user’s browser with the set_cookie method: class MainHandler(tornado.web.RequestHandler): def get(self): if not self.get_cookie("mycookie"): self.set_cookie("mycookie", "myvalue") "myvalue") self.write("Your cookie was not set yet!") else: self.write("Your cookie was set!") Cookies are not secure and can easily be modified by clients. If you need to set cookies

Guzzle can maintain a cookie session for you if instructed using the cookies request option. When sending a request, the cookies option must be set to an instance of GuzzleHttp\Cookie\CookieJarInterface. // Use a specific cookie jar $jar = new \GuzzleHttp\Cookie\CookieJar; $r = $client->request('GET', 'http://httpbin.org/cookies', [ 'cookies' => $jar ]); You can set cookies to true in a client client constructor if you would like to use a shared cookie jar for all requests. // Use a shared client cookie jar $client = new \GuzzleHttp\Client(['cookies' => true]); $r = $client->request('GET', 'http://httpbin

Guzzle can maintain a cookie session for you if instructed using the cookies request option. When sending a request, the cookies option must be set to an instance of GuzzleHttp\Cookie\CookieJarInterface. // Use a specific cookie jar $jar = new \GuzzleHttp\Cookie\CookieJar; $r = $client->request('GET', 'http://httpbin.org/cookies', [ 'cookies' => $jar ]); You can set cookies to true in a client client constructor if you would like to use a shared cookie jar for all requests. // Use a shared client cookie jar $client = new \GuzzleHttp\Client(['cookies' => true]); $r = $client->request('GET', 'http://httpbin

Guzzle can maintain a cookie session for you if instructed using the cookies request option. When sending a request, the cookies option must be set to an instance of GuzzleHttp\Cookie\CookieJarInterface. // Use a specific cookie jar $jar = new \GuzzleHttp\Cookie\CookieJar; $r = $client->request('GET', 'http://httpbin.org/cookies', [ 'cookies' => $jar ]); You can set cookies to true in a client constructor constructor if you would like to use a shared cookie jar for all requests. // Use a shared client cookie jar $client = new \GuzzleHttp\Client(['cookies' => true]); $r = $client->request('GET', 'http://httpbin

Guzzle can maintain a cookie session for you if instructed using the cookies request option. When sending a request, the cookies option must be set to an instance of GuzzleHttp\Cookie\CookieJarInterface. // Use a specific cookie jar $jar = new \GuzzleHttp\Cookie\CookieJar; $r = $client->request('GET', 'http://httpbin.org/cookies', [ 'cookies' => $jar ]); You can set cookies to true in a client constructor constructor if you would like to use a shared cookie jar for all requests. // Use a shared client cookie jar $client = new \GuzzleHttp\Client(['cookies' => true]); $r = $client->request('GET', 'http://httpbin

. . . . . . . . . . . . . 974 20.21 cookielib —Cookie handling for HTTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . 975 20.22 Cookie —HTTP state management . . . . . . . . . . . . current thread. This is a nonzero integer. Its value has no direct meaning; it is intended as a magic cookie to be used e.g. to index a dictionary of thread-specific data. Thread identifiers may be recycled 723 The Python Library Reference, 发布 2.7.18 (续上页) b'X-Cache: HIT', b'X-Cache-Hits: 11', b'Vary: Cookie', b'Strict-Transport-Security: max-age=63072000; includeSubDomains', b'Connection: close', b'', b'']

. . . . . . . . . . . . . 974 20.21 cookielib —Cookie handling for HTTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . 975 20.22 Cookie —HTTP state management . . . . . . . . . . . . current thread. This is a nonzero integer. Its value has no direct meaning; it is intended as a magic cookie to be used e.g. to index a dictionary of thread-specific data. Thread identifiers may be recycled 723 The Python Library Reference, 发布 2.7.18 (续上页) b'X-Cache: HIT', b'X-Cache-Hits: 11', b'Vary: Cookie', b'Strict-Transport-Security: max-age=63072000; includeSubDomains', b'Connection: close', b'', b'']

. . . . . . . . . . . . . 974 20.21 cookielib —Cookie handling for HTTP clients . . . . . . . . . . . . . . . . . . . . . . . . . . . 975 20.22 Cookie —HTTP state management . . . . . . . . . . . . current thread. This is a nonzero integer. Its value has no direct meaning; it is intended as a magic cookie to be used e.g. to index a dictionary of thread-specific data. Thread identifiers may be recycled 723 The Python Library Reference, 发布 2.7.18 (续上页) b'X-Cache: HIT', b'X-Cache-Hits: 11', b'Vary: Cookie', b'Strict-Transport-Security: max-age=63072000; includeSubDomains', b'Connection: close', b'', b'']

JSESSIONID Cookie 维护会话，且会话默认是跟容器绑定的； 在某些情况下可能需要使用自己的会话机制，此时我们可以使用DefaultWebSessionManager 来维护会话： sessionIdCookie 是 sessionManager 创建会话 Cookie 的模板： sessionIdCookie.name：设置 Cookie 名字，默认为 JSESSIONID； sessionIdCookie.domain：设置 Cookie 的域名，默认空，即当前访问的域名； sessionIdCookie.path：设置 Cookie 的路径，默认空，即存储在域名根下； sessionIdCookie.maxAge：设置 Cookie 的过期时间，秒为单位，默认-1 表示关闭浏览器时 过期 Cookie； sessionIdCookie.httpOnly：如果设置为 ，使用 HttpOnly cookie 有助于减少某些类型的跨站点脚本攻击；此特性需要实现了Servlet 2.5 MR6 及以上版本的规范的 Servlet 容器支持； sessionManager.sessionIdCookieEnabled：是否启用/禁用 Session Id Cookie，默认是启用的； 如果禁用后将不会设置 Session Id Cookie，即默认使用了 Servlet