User not logged in - session cookie too large?

Posted 2019-08-12 06:18

I am following the authentication tutorial for Google App Engine/Python here: https://cloud.google.com/python/getting-started/authenticate-users

I'm sure I've followed everything correctly, but when I click the login button on the page I am prompted to log in with Google but then when redirected back to the page, it shows the user is not logged in.

I have checked the local server and it is saying:

UserWarning: The "session" cookie is too large: the value was 4755 bytes but the header required 26 extra bytes. The final size was 4781 bytes but the limit is 4093 bytes. Browsers may silently ignore cookies larger than this.

I am not 100% sure this is my problem, but it is the only thing that stands out to me. Can anyone please help?

1 answer
劳资没心,怎么记你
Post #2 · 2019-08-12 06:21

Yes, all data needed to verify the authentication is in the cookie, and you are storing too much info in it.

You can reduce what is stored for the profile, perhaps, in the _request_user_info() hook:

def _request_user_info(credentials):
    # ...
    resp, content = http.request(
        'https://www.googleapis.com/plus/v1/people/me')

    # ...
    session['profile'] = json.loads(content.decode('utf-8'))

Rather than store the whole dictionary, filter the dictionary that json.loads() returns and only retain the profile information your application really needs to have. That, or store this information somewhere else, like in memcached (so retrieve it each time you need it and it is not available in memcached still).

See the People resource documentation to see what data is being stored in session['profile'] and pick what you really need. The tutorial, for example, only needs the display name and the image url:

profile = json.loads(content.decode('utf-8'))
session['profile'] = {'displayName': profile['displayName'], 'image': profile['image']}
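
An added example, not part of the original answer or the tutorial's code: it applies the allowlist filter the answer suggests and refuses to store a profile whose estimated cookie size exceeds the 4093-byte limit from the warning. The helper names, the plain-dict session and the sample profile are assumptions made for illustration.

```python
import base64
import json

COOKIE_LIMIT = 4093    # byte limit quoted in the warning above
HEADER_OVERHEAD = 26   # extra header bytes quoted in the warning above
ALLOWED_FIELDS = ('displayName', 'image')  # the two fields the answer keeps


def minimal_profile(profile, allowed=ALLOWED_FIELDS):
    """Return only allowlisted keys; absent keys are skipped, not an error."""
    return {key: profile[key] for key in allowed if key in profile}


def estimated_cookie_bytes(session_data):
    """Estimate cookie size: compact JSON, URL-safe base64, header overhead.

    Assumption: the signature, timestamp and optional compression that a
    real signed-cookie serializer applies are not modelled here.
    """
    raw = json.dumps(session_data, separators=(',', ':')).encode('utf-8')
    return len(base64.urlsafe_b64encode(raw)) + HEADER_OVERHEAD


def store_profile(session, profile):
    """Store the trimmed profile, refusing anything over the cookie limit."""
    trimmed = minimal_profile(profile)
    size = estimated_cookie_bytes(dict(session, profile=trimmed))
    if size > COOKIE_LIMIT:
        raise ValueError('session would be %d bytes, limit is %d'
                         % (size, COOKIE_LIMIT))
    session['profile'] = trimmed
    return size


# Constructed sample response; field names other than displayName and image
# are made up for illustration.
SAMPLE_PROFILE = {
    'displayName': 'Example User',
    'image': {'url': 'https://example.invalid/photo.jpg'},
    'extra': [{'value': 'https://example.invalid/%d' % i} for i in range(200)],
}

if __name__ == '__main__':
    session = {}  # plain dict standing in for the framework's session object
    print('untrimmed:', estimated_cookie_bytes({'profile': SAMPLE_PROFILE}))
    print('trimmed:  ', store_profile(session, SAMPLE_PROFILE))
```

A signed session cookie is readable by the client, so trimming the profile also limits what personal data leaves the server.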