python - Flask session does not JSON serialize cookie


I am using a session with Flask, which sets a signed cookie header in the response.

The code below sets a cookie named session with a = 1:

    from flask import jsonify, session
    # ...
    a = session.get('a', None)
    session['a'] = 1
    return jsonify(a=a)

The jsonify in the code is just to show that the cookie is being read on the next request, and that is it. This is the response to another request:

  {"a": 1}  

I need to read the cookie on the client, so I want it to be JSON encoded. This response has the Set-Cookie header:

    Set-Cookie: session=eyJhIjoxfQ.BeUPPQ.Al5bwLzcAsN2f15mdREzhGWP1uc; HttpOnly; Path=/

This is not JSON serialized.

The Flask version is 0.10.1. Since version 0.10, it uses a session whose main advantage is to JSON serialize cookies rather than pickle them.

What am I missing?

You misunderstood the default Flask session implementation format. The session object creates cryptographically signed JSON, which is then (optionally) compressed and base64-encoded, so that the client cannot tamper with the stored session values. No compression was applied in your case (compression only applies if it reduces the final output size).

This replaced the previous pickle format, which was exploitable if the server-side secret was compromised (see why this can be dangerous).

In other words, all Flask did was swap the serializer, from pickle to an extended, tagged JSON format, while the pre-existing cryptographic signature and compression were left in place.

As such, the format is not really suitable for decoding on the client side (you have to decode the base64, possibly decompress the data, split off the signature, and you may have to interpret the tags for additional types). You can change the session implementation for this, but it is not highly recommended.

If you want to share data with the client side, you can embed the data in the page in a <script> block with var session_data = {{ data|tojson|safe }};, or set a different cookie with the data.
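The decoding steps the answer lists, as an added Python example that is not part of the original post or of Flask's own code: it takes apart the cookie value quoted in the question using only the standard library. The function names are hypothetical, the compressed cookie is a constructed sample, and no signature is verified because that requires the server's secret key.

```python
import base64
import json
import zlib


def b64url_decode(text):
    """Decode URL-safe base64 whose '=' padding was stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def inspect_session_cookie(value):
    """Split a session cookie into its parts WITHOUT verifying it.

    The signature cannot be checked without the server's secret key, so the
    result is for inspection only and must never be trusted as authentic.
    Raises ValueError if the value is not payload.timestamp.signature.
    """
    compressed = value.startswith(".")  # a leading dot marks zlib-compressed data
    if compressed:
        value = value[1:]
    payload_b64, timestamp_b64, signature_b64 = value.split(".")
    payload = b64url_decode(payload_b64)
    if compressed:
        payload = zlib.decompress(payload)
    return {
        "compressed": compressed,
        # Tagged values (the extended JSON the answer mentions) are left as-is.
        "data": json.loads(payload),
        "timestamp_raw": int.from_bytes(b64url_decode(timestamp_b64), "big"),
        "signature_len": len(b64url_decode(signature_b64)),
    }


# Cookie value quoted in the question above.
PAGE_COOKIE = "eyJhIjoxfQ.BeUPPQ.Al5bwLzcAsN2f15mdREzhGWP1uc"


def make_compressed_sample():
    """Constructed sample: a compressed payload with a dummy signature."""
    body = json.dumps({"note": "x" * 200}).encode()
    packed = base64.urlsafe_b64encode(zlib.compress(body)).rstrip(b"=").decode()
    return "." + packed + ".BeUPPQ." + "A" * 27


if __name__ == "__main__":
    print(inspect_session_cookie(PAGE_COOKIE))
    print(inspect_session_cookie(make_compressed_sample())["compressed"])
```

The payload decodes to {"a": 1} without any key: the signature makes session values tamper-evident, not confidential, so nothing secret belongs in them.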

