I've been searching on this but can't seem to figure out how I can delete a specific cookie using Google App Engine, Python version. I am setting the cookie like below and I need to update its value. I figure I may not be able to update it and just need to delete and re-create it, but I can't seem to find the way to do that. I am creating it as below:
    str = 'if_loggedin_username=' + self.username
    self.from_obj.response.headers.add_header(
        'Set-Cookie', str)
Thanks for any advice.
There is no way for the server to delete an HTTP cookie. To update the value, just send a new cookie with the same name and it will be updated; to "delete" the cookie, set an expiration time in the past.
Just to add more: send a new cookie with the same name and the value None (NoneType)
self.response.headers.add_header("Set-Cookie", None)
Hope it helps
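The two operations the first answer describes (overwrite by re-sending the same name, remove by expiring it), as an added example that is not part of the original thread. It uses Python 3's standard `http.cookies` rather than App Engine's webapp, and `apply_to_jar` is a hypothetical, simplified model of a browser cookie jar that shows an expiry only removes the cookie when its Path matches the one it was set with.

```python
from http.cookies import SimpleCookie

NAME = "if_loggedin_username"  # cookie name taken from the question
EPOCH = "Thu, 01 Jan 1970 00:00:00 GMT"  # any date in the past works


def build_set_cookie(value="", path="/", delete=False):
    """Return a Set-Cookie header value that sets, overwrites or expires NAME."""
    cookie = SimpleCookie()
    cookie[NAME] = "" if delete else value
    morsel = cookie[NAME]
    morsel["path"] = path
    morsel["httponly"] = True  # keep the value away from page scripts
    morsel["secure"] = True    # only send it over HTTPS
    if delete:
        morsel["max-age"] = 0
        morsel["expires"] = EPOCH
    return morsel.OutputString()


def apply_to_jar(jar, header):
    """Simplified browser model (assumption): cookies are keyed by (name, path)."""
    parsed = SimpleCookie()
    parsed.load(header)
    for name, morsel in parsed.items():
        key = (name, morsel["path"] or "/")
        if morsel["max-age"] == "0":
            jar.pop(key, None)       # expired: the browser drops it
        else:
            jar[key] = morsel.value  # same name and path: value replaced
    return jar


if __name__ == "__main__":
    jar = {}
    for header in (build_set_cookie("alice"), build_set_cookie("bob"),
                   build_set_cookie(path="/admin", delete=True),  # wrong path
                   build_set_cookie(delete=True)):
        print(header, "->", apply_to_jar(jar, header))
```

The returned string is what goes into `add_header('Set-Cookie', ...)` in the question's code.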
Related
I’ve seen a couple of examples of this (Storing auth tokens in a cookie) already, but I’d like to understand the reason for doing this. I think this would create more problems because you have to specifically remember to delete the cookie after you’re finished. For my specific example, I am dealing with Instagram via the API
Thank you for any and all help
I'm not sure exactly what you're asking for. You need to know how to store the token? However, there is no need to remember to delete a cookie, just set an expiration date.
Regarding the API, you will need a valid token every time you do a request to the API, so don't delete it, otherwise you will need to re-authenticate every time.
Note: For Instagram Business Accounts you need to use Facebook API.
https://developers.facebook.com/docs/instagram-api/v2.10
Basically what I want to do is to save some user-specific data, which I do not intend the user to be able to read.
This data should be stored for a week or so, but I can't use the session object, because I don't want to set session.permanent = True (I already use it to manage logins).
So basically I need a signed cookie, like session. Can I create another instance of the session object somehow, or is there an easy way of making cookies signed?
Cookie contents are up to you; it's more or less a key-value store in your users' browsers with an expiration date.
Regarding the content, for your use case you can use any kind of symmetric encryption like Fernet for instance (available in the cryptography package, cf https://cryptography.io/en/latest/).
As far as I know, itsdangerous (from the Flask author, cf. http://pythonhosted.org/itsdangerous/) enables you to sign the content of a cookie, but it doesn't "encrypt" it (the user will still be able to see the content, but not modify it). itsdangerous is a Flask dependency, btw.
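The signed-but-not-encrypted distinction from the answer above, as an added example that is not part of the original thread. It uses the standard library's HMAC-SHA256 as a stand-in for what a signing library does (this is not the itsdangerous token format), and `SECRET_KEY` and the payload layout are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: a random secret kept on the server
MAX_AGE = 7 * 24 * 3600               # "a week or so", as in the question


def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()


def sign_cookie(data, now=None):
    """Cookie value of the form <base64 JSON payload>.<base64 HMAC-SHA256>."""
    issued = int(time.time() if now is None else now)
    payload = b64e(json.dumps({"d": data, "t": issued}).encode())
    return payload + "." + b64e(mac(payload))


def verify_cookie(value, now=None):
    """Return the data, or None if malformed, modified or older than MAX_AGE."""
    now = time.time() if now is None else now
    try:
        payload, signature = value.split(".")
        if not hmac.compare_digest(b64d(signature), mac(payload)):
            return None
        body = json.loads(b64d(payload))
    except ValueError:
        return None
    return body["d"] if now - body["t"] <= MAX_AGE else None


def read_without_key(value):
    """What any user can do with a signed-only cookie: decode the payload."""
    return json.loads(b64d(value.split(".")[0]))["d"]
```

Because `read_without_key` succeeds with no secret, data the user must not read needs encryption (for example Fernet, as the answer suggests) or has to stay on the server.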
I currently have the following:
    import json
    from flask import Flask, session, request
    app = Flask(__name__)
    @app.route('/venue/login', methods=['GET', 'POST'])
    def venue_login():
        token = generate_token()
        session['venue_id'] = token
        return json.dumps(...)
When I look at the response in Chrome, I can see that Set-Cookie:session=... has been set.
I have 2 questions:
1) How do I read this cookie on the server?
I have tried:
venue_id = request.cookies.get('venue_id')
but this doesn't seem to be picking it up.
2) With my code above, all my cookies will be set with the same name. After reading the cookie value, I would like to delete the corresponding entry in session. How should I go about doing this? Also if two requests come in one after the other, will the line:
session['venue_id'] = token
override the first entry with the second? Or does every request start a new session?
I am kind of confused with how this all should work. Any help would be greatly appreciated.
Well. Cookies and sessions are a bit different.
If you want to use cookies and make venue_id = request.cookies.get('venue_id') work - You need to use set_cookie:
set_cookie('venue_id', token)
In cookies case - you can solve general problems that cookies can solve (have a long lasting cookie for example)
If you want to use session (which is intended for session uniqueness and auth) you need to just use session and put the "username" or the unique ID of the venue in your case.
Which to use - It really depends what you are trying to achieve
Have a look at:
http://flask.pocoo.org/docs/0.10/quickstart/#cookies
http://flask.pocoo.org/docs/0.10/quickstart/#sessions
I'm trying to send a simple email to do the password recovery of a user; the input is just an email to send the new password to.
But I can't... I get this error:
SMTPServerDisconnected: please run connect() first
I already tried a few examples, like https://bitbucket.org/andialbrecht/appengine_emailbackends/overview, but I get the same error.
I really need this; maybe someone can tell me how to use an alternative to code in my view to send an email... Also, I changed the backend to
EMAIL_BACKEND = 'djangoappengine.mail.EmailBackend'
but nothing. I don't know how to use this backend anyway :(
Please help :(
maybe someone can tell me how to use an alternative to code in my view to send an email...
I can help with this, seeing as it seems that perhaps this repository you're trying to use is based on an earlier version of App Engine and is throwing the error due to a required code change somewhere in the library - either that or the fact that you changed the string from what the library recommends (your version: 'djangoappengine.mail.EmailBackend') to a string that seems to not be correct, as it's different to what the author of the repository directed you to use (their version: 'appengine_emailbackend.EmailBackend'), and this is causing trouble.
Whenever possible, I'd recommend seeing if there is an "app-engine-y" way to do something, before going to a third-party library or deploying a module somebody else wrote to hack in third-party capabilities, or looking for an advanced/experimental feature (for example, use Datastore first, rather than remotely connecting to a MySQL VM, unless you need MySQL). If you absolutely need that library, this is a different story, but if you just want to send emails, the Mail API is what you need. It's a convenient way to send emails on App Engine.
I'm going to assume in the following that you are storing your users' usernames and hashed passwords in custom-defined User-kind entities in your Datastore. If you have your users using simple OAuth to sign into your site, there is never any reason to "reset/recover password":
1) Create the <form action="/some/route" method="POST"> element on the page where the user requests password recovery.
2) Put the code responsible for handling this form submission (they will input their email, or whatever account info they need for your code to find their User entity in the Datastore) in a handler that will respond on that route.
3) In the handler, generate a unique token and store it in the Datastore. Send the token in the email that you generate and send using the Mail API (see the example code in the link to the docs I provided). This will allow your user to return to your site, authenticate with the token from the email, and then fill out a form to create a new password. You will then hash this password (with a salt) and store it in their User entity in your Datastore.
I'm skipping over the details of how to implement a "password recovery form", given what I said about OAuth and that you are probably really only concerned with how to send mail. In the email you send, for example, you can insert a hyperlink to your site with the token already inserted as a query param, so that the user doesn't have to copy and paste, etc.
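The token part of the recovery flow described above, as an added example that is not from the original answer. Plain dicts stand in for the Datastore, the Mail API call itself is left out, and `RESET_URL`, the one-hour lifetime, storing only a hash of the token and the choice of PBKDF2 are assumptions made here.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

RESET_URL = "https://example.com/reset"  # hypothetical route on your site
TOKEN_TTL = 3600   # assumption: one hour; the answer does not give a lifetime
tokens = {}        # stand-in for Datastore: sha256(token) -> (email, expiry)
users = {}         # stand-in for User entities: email -> (salt, password hash)


def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_link(email, now=None):
    """Create a one-time token and return the link to put in the email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    tokens[digest(token)] = (email, now + TOKEN_TTL)  # only the hash is stored
    return RESET_URL + "?" + urlencode({"token": token})


def token_from_link(link):
    """Extract the token query parameter, as the reset handler would."""
    return parse_qs(urlparse(link).query)["token"][0]


def reset_password(token, new_password, now=None):
    """Consume the token; on success store a salted hash and return the email."""
    now = time.time() if now is None else now
    record = tokens.pop(digest(token), None)  # pop makes the token single-use
    if record is None or now > record[1]:
        return None
    salt = secrets.token_bytes(16)
    hashed = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
    users[record[0]] = (salt, hashed)
    return record[0]
```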
I use Python 3 as a serverside scripting language, and I want a way to keep users logged into my site. I don't use any framework, since I prefer to hand code pages, so how do I create session variables like in PHP in Python 3?
The logic of a session is storing a unique session id inside the user cookie (the uuid package will do a perfect job for that). And you store the session's data inside a file, database or other semi-permanent datastore.
The idea is matching the sessionid that you receive from your user cookie, to some data stored somewhere on your server.
I assume that you know how to add the right header to set a cookie via the response header.
Otherwise, there is more information here: http://en.wikipedia.org/wiki/List_of_HTTP_header_fields#Responses
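The session-id-to-server-data matching described in this answer, as an added example that is not part of the original post. An in-memory dict stands in for the file or database, and the cookie name, the 30-minute sliding expiry and the use of `secrets` for the id are assumptions made here.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

COOKIE_NAME = "sid"   # hypothetical cookie name
SESSION_TTL = 1800    # assumption: 30 minutes of inactivity
sessions = {}         # stand-in for a file or database: id -> [data, expiry]


def start_session(data, now=None):
    """Create server-side state; return (session id, Set-Cookie header value)."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)  # unguessable id; uuid.uuid4().hex also fits
    sessions[sid] = [dict(data), now + SESSION_TTL]
    header = f"{COOKIE_NAME}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
    return sid, header


def load_session(cookie_header, now=None):
    """Map the request's Cookie header to stored data, or None if not logged in."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None
    if COOKIE_NAME not in jar:
        return None
    sid = jar[COOKIE_NAME].value
    entry = sessions.get(sid)
    if entry is None:
        return None                 # unknown or forged id
    if now > entry[1]:
        del sessions[sid]           # expired: forget it on the server too
        return None
    entry[1] = now + SESSION_TTL    # sliding expiry on each request
    return entry[0]


def end_session(sid):
    """Logout: deleting the server-side record invalidates the cookie."""
    sessions.pop(sid, None)
```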