I have found a very strange problem in my Flask application. I discovered that in some circumstances multiple session cookies could be created with the same name. I attached a picture about it. It is not browser specific.
这本身很奇怪,但是当我尝试使用 CSRF验证表单时,真正的问题来了令牌.不幸的是,Flask选择了错误的会话cookie,并且CSRF令牌的验证无法成功.甚至更奇怪的是,即使提交了多个表单,问题仍然存在.唯一的解决方案是删除cookie,这不是普通用户的选择.
It is strange itself, but the real problem comes when I try to validate a form with CSRF token. Unfortunately, Flask picks a wrong session cookie and the validation of the CSRF token cannot be successful. And even more strangely the problem persists even after multiple form submits. The only solution is deleting the cookies which is not an option for an average user.
Are there any options to prevent Flask to create cookies with the same name? Or at least is there an option for get all cookie names from my application? In this case at least I would able to delete session cookies with the same name.
Without code, it is hard to tell where Flask generates multiple cookies with the same name, but it is possible that you let the cookie live to long, please see Flask: How to remove cookies? to deal with this issue.
If I understand you correctly, another main issue is [comment by me]:
Picking the wrong cookie from multiple ones with the same name is not Flask-specific, but rather about the logic used by client/ browser, see e.g. How to handle multiple cookies with the same name?
这篇关于Flask –具有相同名称的多个会话Cookie的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!