Flask:在restful服务器中丢失会话

Question

我正在尝试创建一个简单的web应用程序，以便更好地研究它是如何工作的。这个想法是，用户可以通过twitter登录，然后可以在前端访问不同的功能。我可以让用户通过twitter进行身份验证，但我丢失了从一个请求到另一个请求的会话。我使用python3 flask和flask-oauthlib

from flask import Flask, request, url_for, session, redirect, flash
from flask_cors import CORS
from flask_oauthlib.client import OAuth

app = Flask(__name__)
cors = CORS(app)
oauth = OAuth()

@app.route('/login')
def login():
    callback_url = url_for('oauthorized', next=request.args.get('next'))
    return twitter.authorize(callback=callback_url or request.referrer or None)

@app.route('/logout')
def logout():
    session.pop('twitter_oauth', None)
    return redirect(app.config['FRONT_END_URL'])

@app.route('/oauthorized')
def oauthorized():
    frontend_url = app.config['FRONT_END_URL']
    resp = twitter.authorized_response()

    if resp is None:
        flash('You denied the request to sign in.')
        return redirect(frontend_url)
    elif resp['screen_name'] not in allowed_twitter:
        flash('You dont have premission')
        return redirect(frontend_url)

    access_token = resp['oauth_token']
    session['access_token'] = access_token
    session['screen_name'] = resp['screen_name']

    session['twitter_token'] = (
        resp['oauth_token'],
        resp['oauth_token_secret']
    )

    flash('You were successfully logged in')
    return redirect(frontend_url + "/accionDirecta")

@app.route('/test')
def test():
    print(session)  # Is always empty

    access_token = session.get('access_token')
    if access_token is None:
        return("Not login")
    else:
        return("login")

oauthorized()内部的print(session)是正确的，但是当用户在登录后使用jquery $ajax访问/test时，I会话是空的。为什么？

Answer 1

问题出在$ajax get中。默认情况下，ajax不包含您的cookie，因此必须强制使用。在$ajax中，您必须添加：

crossDomain: true, xhrFields: { withCredentials: true }

和这股力量使用你的饼干。