session 的 源码

session 的 源码

1.session 和 cookie 的 区别：

答： cookie 它是保存在浏览器的键值对。

　　session 它是保存在服务端的键值对。  它 依赖cookie 存在。

　　流程：

　　一个服务端，     一个客户端第一次来

　　服务端  去 客户端 发来的请求里的cookie 里面找一个 随机字符串。

　　新用户没有，服务端就会为客户端创建一个随机字符串，发到它的cookie里，并且保存到服务端。

　　下次这个客户端又来了，那么这次服务端就可以获取到了随机字符串。

　　根据这个随机字符串看看你以前有没有在session里面放数据。（对比） 

　　如果数据更新，是会先更新到内存里面，请求返回到时候，在会把内存的数据保存的session。

 

　　session

　　　　{

　　　　　　pc随机字符串: {},

　　　　}

　　当请求第一次来，生成随机字符串，发给用户的cookie，保存到session字段中。（其实就是调用stark（中介），将随机字符串和对应的值，放到local（房主）里）

　　以后去取的时候，top就行了。

　　请求处理完毕，就将session持久化，存到数据库，存到redis，存到加密cookie中。

 

2.分析session源码：

1.请求刚进来先走Flask类的__call__方法。

 

2.用到类和方法。

 

3. 细分：

　0.app.run()   ==>  run_simple(host, port, self, **options) #第一： hold 住 对象过来就执行 __call__方法.

 

 

　1.__call__ 跳入：

　　

 

　2.self.wsgi_app 跳入：

 　　def wsgi_app(self, environ, start_response): 

　　2.1 如何封装？ push 跳入

　　　

 

　3. push跳入之后

 　　

　　_request_ctx_stack跳入： request 和 session 都会放入local 中。

　　

　　3.1 刚开始处理session

　　　　

 

　4.self.wsgi_app. 处理函数

　　

　　full_dispatch_request()跳入：

 

　5.full_dispatch_request

　　

 

 

　6.full_dispatch_request。对返回值进行封装，请求完了之后 after。

 

　　finalize_request跳入；

 

　7.finalize_request

 

　　process_response跳入：

 

　8.process_response

 

 

　9. self.wsgi_app 里。

 　　

 

4.超级细分：

三部曲：

　1. 上下文的处理:  他做的是： 把request，session 的请求相关信息放到local里。（赋值给RequestContext对象）

　　首先.

if __name__ == '__main__':app.run()app.__call__()   #第一

ps:   __call__ 跳入

 

def __call__(self, environ, start_response):"""Shortcut for :attr:`wsgi_app`."""
return self.wsgi_app(environ, start_response)   #第二：请求开始的地方，也是结束的地方

ps:  wsgi_app  跳入

 

    def wsgi_app(self, environ, start_response):    #第三'''{"唯一标识":{'stack':[ResquestContext对象(request,session)]}}'''#第四: 开始之前做的事情。（两件事：处理了request,session）,将这两个数据封装到local中。ctx = self.request_context(environ) #将request信息封装到Request(environ)对象并赋值给了 RequestContext对象
        ctx.push()error = Nonetry:try:response = self.full_dispatch_request()   #第七：执行：before装饰器函数，视图函数：after装饰器函数except Exception as e: #如果请求出现异常error = eresponse = self.handle_exception(e)  # 信号6： 第2/3/4/5/got_request_exceptionexcept:error = sys.exc_info()[1]raisereturn response(environ, start_response)finally:if self.should_ignore_error(error):error = Nonectx.auto_pop(error)  # 结束了  #ctx是request-Context对象 信号7： 里面做了 第6信号：

ps:  request_context  跳入

 

    def request_context(self, environ):return RequestContext(self, environ)

ps：  RequestContext 跳入

 

class RequestContext(object):def __init__(self, app, environ, request=None):self.app = appif request is None:     #如果request 为空request = app.request_class(environ)   # app.request_class就是request对象,app就是flask对象self.request = requestself.url_adapter = app.create_url_adapter(self.request)self.flashes = Noneself.session = None# Request contexts can be pushed multiple times and interleaved with# other request contexts.  Now only if the last level is popped we# get rid of them.  Additionally if an application context is missing# one is created implicitly so for each level we add this informationself._implicit_app_ctx_stack = []# indicator if the context was preserved.  Next time another context# is pushed the preserved context is popped.self.preserved = False# remembers the exception for pop if there is one in case the context# preservation kicks in.self._preserved_exc = None# Functions that should be executed after the request on the response# object.  These will be called before the regular "after_request"# functions.self._after_request_functions = []self.match_request()def _get_g(self):return _app_ctx_stack.top.gdef _set_g(self, value):_app_ctx_stack.top.g = valueg = property(_get_g, _set_g)del _get_g, _set_gdef copy(self):"""Creates a copy of this request context with the same request object.This can be used to move a request context to a different greenlet.Because the actual request object is the same this cannot be used tomove a request context to a different thread unless access to therequest object is locked... versionadded:: 0.10"""return self.__class__(self.app,environ=self.request.environ,request=self.request)def match_request(self):"""Can be overridden by a subclass to hook into the matchingof the request."""try:url_rule, self.request.view_args = \self.url_adapter.match(return_rule=True)self.request.url_rule = url_ruleexcept HTTPException as e:self.request.routing_exception = edef push(self):"""Binds the request context to the current context."""# If an exception occurs in debug mode or if context preservation is# activated under exception situations exactly one context stays# on the stack.  The rationale is that you want to access that# information under debug situations.  However if someone forgets to# pop that context again we want to make sure that on the next push# it's invalidated, otherwise we run at risk that something leaks# memory.  This is usually only a problem in test suite since this# functionality is not active in production environments.top = _request_ctx_stack.top   # 取值if top is not None and top.preserved:top.pop(top._preserved_exc)# Before we push the request context we have to ensure that there# is an application context.app_ctx = _app_ctx_stack.topif app_ctx is None or app_ctx.app != self.app:app_ctx = self.app.app_context()  # 信号1： 把app放到 local里。app_ctx.push()  # 信号2：AppContext(self)的push  （里面做了：触发执行 第1信号：appcontext_pushed）self._implicit_app_ctx_stack.append(app_ctx) # 信号3： 把上面app_ctx对象加进来，以后可以取else:self._implicit_app_ctx_stack.append(None)if hasattr(sys, 'exc_clear'):sys.exc_clear()_request_ctx_stack.push(self)  #第五：将requestContext对象(request,session)的引用，只要一修改，都修改了，添加到local中。# Open the session at the moment that the request context is# available. This allows a custom open_session method to use the# request context (e.g. code that access database information# stored on `g` instead of the appcontext).#self.session_interface.open_session(self, request) = self.app.open_session(self.request)#return self.session_interface.open_session(self, request)#return SecureCookieSessionInterface().open_session(sekf,request)  经过一段处理，session就不是None了self.session = self.app.open_session(self.request)  #第六：刚开始处理session。self.app 表示：flask 对象if self.session is None:  #  self 表示：requestContext对象.请求一开始进来，为空self.session = self.app.make_null_session()  #  走这里，最后还是指null_session_class = NullSession。def pop(self, exc=_sentinel):"""Pops the request context and unbinds it by doing that.  This willalso trigger the execution of functions registered by the:meth:`~flask.Flask.teardown_request` decorator... versionchanged:: 0.9Added the `exc` argument."""app_ctx = self._implicit_app_ctx_stack.pop()try:clear_request = Falseif not self._implicit_app_ctx_stack:self.preserved = Falseself._preserved_exc = Noneif exc is _sentinel:exc = sys.exc_info()[1]self.app.do_teardown_request(exc)  # 信号7。2： 第6信号  request_tearing_down# If this interpreter supports clearing the exception information# we do that now.  This will only go into effect on Python 2.x,# on 3.x it disappears automatically at the end of the exception# stack.if hasattr(sys, 'exc_clear'):sys.exc_clear()request_close = getattr(self.request, 'close', None)if request_close is not None:request_close()clear_request = Truefinally:rv = _request_ctx_stack.pop()# get rid of circular dependencies at the end of the request# so that we don't require the GC to be active.if clear_request:rv.request.environ['werkzeug.request'] = None# Get rid of the app as well if necessary.if app_ctx is not None:app_ctx.pop(exc)  # 信号8：pop属Appcontxt 跳入： 它做了触发了 第7信号 appcontext_tearing_downassert rv is self, 'Popped wrong request context.  ' \'(%r instead of %r)' % (rv, self)def auto_pop(self, exc):if self.request.environ.get('flask._preserve_context') or \(exc is not None and self.app.preserve_context_on_exception):self.preserved = Trueself._preserved_exc = excelse:self.pop(exc)  #信号7.1  跳入def __enter__(self):self.push()return selfdef __exit__(self, exc_type, exc_value, tb):# do not pop the request stack if we are in debug mode and an# exception happened.  This will allow the debugger to still# access the request object in the interactive shell.  Furthermore# the context can be force kept alive for the test client.# See flask.testing for how this works.
        self.auto_pop(exc_value)if BROKEN_PYPY_CTXMGR_EXIT and exc_type is not None:reraise(exc_type, exc_value, tb)def __repr__(self):return '<%s \'%s\' [%s] of %s>' % (self.__class__.__name__,self.request.url,self.request.method,self.app.name,)

ps:   这里，我们暂时先可以看下： session 和 request 一开进来都None。  接着，我们返回，从push 方法进入：

 

 def wsgi_app(self, environ, start_response):    #第三'''{"唯一标识":{'stack':[ResquestContext对象(request,session)]}}'''#第四: 开始之前做的事情。（两件事：处理了request,session）,将这两个数据封装到local中。ctx = self.request_context(environ) #将request信息封装到Request(environ)对象并赋值给了 RequestContext对象ctx.push()

ps：  push 跳入，看看里面都执行了什么？

 

_request_ctx_stack = LocalStack()

ps:  LocalStack()  跳入

 

  def __init__(self):self._local = Local()

ps：  Local () 跳入

 

执行setattr 方法，

 def __setattr__(self, name, value):ident = self.__ident_func__()storage = self.__storage__try:storage[ident][name] = valueexcept KeyError:storage[ident] = {name: value}

 

返回：

        #self.session_interface.open_session(self, request) = self.app.open_session(self.request)#return self.session_interface.open_session(self, request)#return SecureCookieSessionInterface().open_session(sekf,request)  经过一段处理，session就不是None了self.session = self.app.open_session(self.request)  #第六：刚开始处理session。self.app 表示：flask 对象if self.session is None:  #  self 表示：requestContext对象.请求一开始进来，为空self.session = self.app.make_null_session()  #  走这里，最后还是指null_session_class = NullSession。

ps：  open_session  跳入

 

    def open_session(self, request):return self.session_interface.open_session(self, request)

ps： session_interface 跳入

 

 session_interface = SecureCookieSessionInterface()

ps： SecureCookieSessionInterface()  跳入

　

class SecureCookieSessionInterface(SessionInterface):

#: the salt that should be applied on top of the secret key for the
#: signing of cookie based sessions.
salt = 'cookie-session'
#: the hash function to use for the signature.  The default is sha1
digest_method = staticmethod(hashlib.sha1)
#: the name of the itsdangerous supported key derivation.  The default
#: is hmac.
key_derivation = 'hmac'
#: A python serializer for the payload.  The default is a compact
#: JSON derived serializer with support for some extra Python types
#: such as datetime objects or tuples.
serializer = session_json_serializer
session_class = SecureCookieSession   #其实，最后返回的还是个字典的形式

ps: SecureCookieSession跳入

 

class SecureCookieSession(CallbackDict, SessionMixin):"""Base class for sessions based on signed cookies."""def __init__(self, initial=None):def on_update(self):self.modified = TrueCallbackDict.__init__(self, initial, on_update)self.modified = False

ps: CallbackDict 跳入

 

class CallbackDict(UpdateDictMixin, dict):   #dict 字典"""A dict that calls a function passed every time something is changed.The function is passed the dict instance."""

ps：  从这可以看出，它最后继承是  dict  字典。

 

返回：

return self.session_interface.open_session(self, request)

ps： 从open_session 进入

 

    def open_session(self, app, request):s = self.get_signing_serializer(app) # 加密if s is None:return Noneval = request.cookies.get(app.session_cookie_name)  #request:请求的对象，去cookie中获取session作为key对应的值。if not val:  #没有return self.session_class()  #返回session_classmax_age = total_seconds(app.permanent_session_lifetime)try:data = s.loads(val, max_age=max_age)  #序列化解密return self.session_class(data)except BadSignature:return self.session_class()

ps： 进行一系列处理，最后的返回的 session_class 是以字典形式存的。

 

小结： 以上的流程就是上下文处理的过程。

　　  简单的来说，上下文处理做的就是把请求的数据给封装到了 local 里。

 

　2. 视图函数处理

 　首先：

    def wsgi_app(self, environ, start_response):    #第三'''{"唯一标识":{'stack':[ResquestContext对象(request,session)]}}'''#第四: 开始之前做的事情。（两件事：处理了request,session）,将这两个数据封装到local中。ctx = self.request_context(environ) #将request信息封装到Request(environ)对象并赋值给了 RequestContext对象
        ctx.push()error = Nonetry:try:response = self.full_dispatch_request()   #第七：执行：before装饰器函数，视图函数：after装饰器函数except Exception as e: #如果请求出现异常error = eresponse = self.handle_exception(e)  # 信号6： 第2/3/4/5/got_request_exceptionexcept:error = sys.exc_info()[1]raisereturn response(environ, start_response)finally:if self.should_ignore_error(error):error = Nonectx.auto_pop(error)  # 结束了  #ctx是request-Context对象 信号7： 里面做了 第6信号：

ps： full_dispatch_request  跳入

 

 def full_dispatch_request(self):"""Dispatches the request and on top of that performs requestpre and postprocessing as well as HTTP exception catching anderror handling... versionadded:: 0.7"""self.try_trigger_before_first_request_functions() #第八： 执行@before_first_request 装饰的所有函数try:request_started.send(self) #信号4： 请求刚进来执行，触发了  第2信号：request_started.rv = self.preprocess_request()  #第九： 执行 @before_request 装饰的所有函数if rv is None:rv = self.dispatch_request()except Exception as e:rv = self.handle_user_exception(e)return self.finalize_request(rv)  #第十： 执行@after_request 装饰的所有函数：session保存

ps：   finalize_request  跳入

 

    def finalize_request(self, rv, from_error_handler=False):"""Given the return value from a view function this finalizesthe request by converting it into a response and invoking thepostprocessing functions.  This is invoked for both normalrequest dispatching as well as error handlers.Because this means that it might be called as a result of afailure a special safe mode is available which can be enabledwith the `from_error_handler` flag.  If enabled, failures inresponse processing will be logged and otherwise ignored.:internal:"""response = self.make_response(rv)try:response = self.process_response(response)  #第11:  进入process_responserequest_finished.send(self, response=response) #信号5：第5信号 request_finished 执行之前，视图函数如果有模板语法，会先执行：第3，4，信号  ：   before_render_template   template-renderedexcept Exception:if not from_error_handler:raiseself.logger.exception('Request finalizing failed with an ''error while handling an error')return response

ps： process_session  跳入

 

    def process_response(self, response):"""Can be overridden in order to modify the response objectbefore it's sent to the WSGI server.  By default this willcall all the :meth:`after_request` decorated functions... versionchanged:: 0.5As of Flask 0.5 the functions registered for after requestexecution are called in reverse order of registration.:param response: a :attr:`response_class` object.:return: a new response object or the same, has to be aninstance of :attr:`response_class`."""ctx = _request_ctx_stack.topbp = ctx.request.blueprintfuncs = ctx._after_request_functionsif bp is not None and bp in self.after_request_funcs:funcs = chain(funcs, reversed(self.after_request_funcs[bp]))if None in self.after_request_funcs:funcs = chain(funcs, reversed(self.after_request_funcs[None]))for handler in funcs:   # 执行 @after_request 装饰的所有函数response = handler(response)if not self.session_interface.is_null_session(ctx.session):  #最后处理session
            self.save_session(ctx.session, response)return response

ps：  save_session 跳入

 

    def save_session(self, session, response):"""Saves the session if it needs updates.  For the defaultimplementation, check :meth:`open_session`.  Instead of overriding thismethod we recommend replacing the :class:`session_interface`.:param session: the session to be saved (a:class:`~werkzeug.contrib.securecookie.SecureCookie`object):param response: an instance of :attr:`response_class`"""return self.session_interface.save_session(self, session, response)

ps：  save_session  跳入

 

　3. 保存，返回

    def save_session(self, app, session, response):domain = self.get_cookie_domain(app)path = self.get_cookie_path(app)# Delete case.  If there is no session we bail early.# If the session was modified to be empty we remove the# whole cookie.if not session:if session.modified:response.delete_cookie(app.session_cookie_name,domain=domain, path=path)return# Modification case.  There are upsides and downsides to# emitting a set-cookie header each request.  The behavior# is controlled by the :meth:`should_set_cookie` method# which performs a quick check to figure out if the cookie# should be set or not.  This is controlled by the# SESSION_REFRESH_EACH_REQUEST config flag as well as# the permanent flag on the session itself.if not self.should_set_cookie(app, session):returnhttponly = self.get_cookie_httponly(app)secure = self.get_cookie_secure(app)expires = self.get_expiration_time(app, session)val = self.get_signing_serializer(app).dumps(dict(session)) #内存中的session，字典进行加密，也有序列化
        response.set_cookie(app.session_cookie_name, val,expires=expires, httponly=httponly,domain=domain, path=path, secure=secure)  #存到加密的cookie里。

ps: 最后  加密，存到cookie里  返回： 执行  finally

 

ctx.auto_pop(error)  # 结束了  #ctx是request-Context对象 信号7： 里面做了 第6信号：

ps: auto_pop  跳入

 

 def auto_pop(self, exc):if self.request.environ.get('flask._preserve_context') or \(exc is not None and self.app.preserve_context_on_exception):self.preserved = Trueself._preserved_exc = excelse:self.pop(exc)  #信号7.1  跳入

ps：  self.pop(exc)  跳入

 

    def pop(self, exc=_sentinel):"""Pops the request context and unbinds it by doing that.  This willalso trigger the execution of functions registered by the:meth:`~flask.Flask.teardown_request` decorator... versionchanged:: 0.9Added the `exc` argument."""app_ctx = self._implicit_app_ctx_stack.pop()try:clear_request = Falseif not self._implicit_app_ctx_stack:self.preserved = Falseself._preserved_exc = Noneif exc is _sentinel:exc = sys.exc_info()[1]self.app.do_teardown_request(exc)  # 信号7。2： 第6信号  request_tearing_down# If this interpreter supports clearing the exception information# we do that now.  This will only go into effect on Python 2.x,# on 3.x it disappears automatically at the end of the exception# stack.if hasattr(sys, 'exc_clear'):sys.exc_clear()request_close = getattr(self.request, 'close', None)if request_close is not None:request_close()clear_request = Truefinally:rv = _request_ctx_stack.pop()  #把ContentText对象 POP 出来

ps:  把ContentText对象 POP 出来

结束。