本文目录导读:

- 使用 http.cookies 模块(标准库)
- 使用 requests 库处理HTTP Cookie
- 使用 browser_cookie3 读取浏览器Cookie
- 文件存储Cookie(持久化)
- 完整的Web应用示例(Flask)
- 实用工具函数
- 注意事项
我来介绍Python中读写Cookie信息的几种常用方法。
使用 http.cookies 模块(标准库)
from http.cookies import SimpleCookie, CookieError
# 创建Cookie
def create_cookie():
    """Build two demo cookies and print them as ``Set-Cookie`` header lines.

    ``username`` is scoped to ``example.com`` and ``/`` and lives for one
    hour; ``role`` is marked HttpOnly. Neither value is signed, so a client
    can send back any ``role`` it likes: a server must not base an
    authorization decision on a cookie built this way. Neither cookie sets
    ``Secure`` or ``SameSite``.
    """
    jar = SimpleCookie()

    jar['username'] = '张三'
    user = jar['username']
    user['path'] = '/'
    user['max-age'] = 3600  # lifetime in seconds: one hour
    user['domain'] = 'example.com'

    jar['role'] = 'admin'
    jar['role']['httponly'] = True  # hidden from document.cookie in the browser

    # output() writes one header line per cookie, ordered by cookie name.
    # SimpleCookie wraps a value in double quotes when it contains characters
    # outside its legal set, so the non-ASCII name is expected to come out
    # quoted:
    #   Set-Cookie: role=admin; HttpOnly
    #   Set-Cookie: username="张三"; Domain=example.com; Max-Age=3600; Path=/
    header_text = jar.output()
    print(header_text)
# 解析Cookie字符串
def parse_cookie(cookie_string):
    """Parse a ``Cookie``-style string and print each cookie with its attributes.

    ``SimpleCookie.load`` stops silently at the first piece of text it cannot
    parse and can raise ``CookieError`` for a key it considers illegal, so
    code that feeds it request headers should expect both a short result and
    an exception.
    """
    jar = SimpleCookie()
    jar.load(cookie_string)
    for name in jar:
        entry = jar[name]
        print(f"{name}: {entry.value}")
        # A Morsel is a dict of the cookie's attributes (path, domain, ...).
        print(f" 属性: {dict(entry)}")
# 读取特定Cookie值
def get_cookie_value(cookie_string, key):
    """Return the value of cookie *key* in *cookie_string*, or ``None``.

    ``None`` is returned both when the cookie is absent and when the parser
    gave up before reaching it, so the result cannot tell a missing cookie
    from a malformed header.
    """
    jar = SimpleCookie()
    jar.load(cookie_string)
    entry = jar.get(key)
    if entry is None:
        return None
    return entry.value
# 示例
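# The name is percent-encoded before it goes into the cookie string.
# SimpleCookie.load() accepts only ASCII in an unquoted value and stops at the
# first cookie it cannot read, so the raw text "username=张三; ..." yields no
# cookies at all and the lookup would return None instead of the name.
from urllib.parse import quote, unquote

cookie_str = f"username={quote('张三')}; role=admin; session_id=abc123"
encoded_name = get_cookie_value(cookie_str, "username")
print(unquote(encoded_name) if encoded_name is not None else None)  # prints: 张三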
使用 requests 库处理HTTP Cookie
import requests
from http.cookiejar import CookieJar
# 方案1:自动处理Cookie(Session)
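def session_cookies_example():
    """Show that a ``requests.Session`` carries cookies from one request to the next.

    Two requests are sent to httpbin.org through the same session, then every
    cookie the session holds is printed.
    """
    # The context manager closes the session's pooled connections afterwards.
    with requests.Session() as session:
        # First request: any Set-Cookie in the response is stored on the session.
        session.post(
            'https://httpbin.org/post',
            data={'username': 'test'},
            timeout=10,  # requests waits indefinitely unless a timeout is given
        )
        # Second request: the stored cookies are sent back automatically.
        session.get('https://httpbin.org/get', timeout=10)

        # Cookie values are credentials; printing them suits a demo, not a log.
        for cookie in session.cookies:
            print(f"{cookie.name}: {cookie.value}")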
# 方案2:手动设置Cookie
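def manual_cookies():
    """Send two hand-picked cookies with one GET and print the cookies the reply sets."""
    outgoing = {
        'session_id': 'abc123',
        'username': 'admin',
    }
    # Without a timeout requests can block forever on a server that never answers.
    response = requests.get('https://httpbin.org/get', cookies=outgoing, timeout=10)

    # response.cookies holds what this response set, not the cookies sent above.
    for cookie in response.cookies:
        print(f"{cookie.name}: {cookie.value}")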
# 方案3:使用CookieJar
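def cookie_jar_example():
    """Send cookies held in a ``RequestsCookieJar`` and print the response body.

    Unlike a plain dict, a jar entry carries a domain and path, so the cookie
    is only attached to requests that match them.
    """
    # requests also accepts an http.cookiejar.CookieJar for ``cookies=``;
    # RequestsCookieJar adds the dict-like ``set`` used below.
    from requests.cookies import RequestsCookieJar

    cookies = RequestsCookieJar()
    cookies.set('username', 'admin', domain='httpbin.org', path='/')
    cookies.set('token', 'xyz789', domain='httpbin.org', path='/')

    # Without a timeout requests can block forever on a server that never answers.
    response = requests.get('https://httpbin.org/cookies', cookies=cookies, timeout=10)
    print(response.text)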
使用 browser_cookie3 读取浏览器Cookie
# 需要安装: pip install browser-cookie3
import browser_cookie3
def read_browser_cookies():
    """Print the cookies Chrome has stored for ``.example.com``.

    The values come from the local browser profile and are live session
    credentials; printing them leaves them in terminal scrollback and in any
    captured output. Every exception is caught and reported as one line, so
    a locked database, a missing profile and a decryption failure all look
    alike to the caller.
    """
    labelled_fields = (
        ("域名: ", "domain"),
        ("名称: ", "name"),
        ("值: ", "value"),
        ("路径: ", "path"),
        ("过期时间: ", "expires"),
    )
    try:
        chrome_jar = browser_cookie3.chrome(domain_name='.example.com')
        for entry in chrome_jar:
            for prefix, attribute in labelled_fields:
                print(f"{prefix}{getattr(entry, attribute)}")
            print("-" * 50)  # separator between cookies
    except Exception as e:
        print(f"读取Cookie失败: {e}")
# 指定特定网站的Cookie
def get_specific_cookies():
    """Print the value of every ``BAIDUID`` cookie stored for ``.baidu.com``.

    NOTE(review): ``browser_cookie3.load`` is expected to query every browser
    the library supports rather than Chrome alone -- confirm against the
    installed version. Nothing is caught here, so a read failure propagates.
    """
    baidu_jar = browser_cookie3.load(domain_name='.baidu.com')
    matches = (entry for entry in baidu_jar if entry.name == 'BAIDUID')
    for entry in matches:
        print(f"找到百度Cookie: {entry.value}")
文件存储Cookie(持久化)
import json
import pickle
from http.cookies import SimpleCookie
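class CookieManager:
    """Keep cookies in a plain dict and persist them to disk.

    ``self.cookies`` maps a cookie name to ``{'value': ..., **attributes}``.
    Stored values are usually session tokens, so the files written here are
    created readable and writable by the owning user only.
    """

    def __init__(self, filename='cookies.json'):
        self.filename = filename  # path used by the JSON methods
        self.cookies = {}

    @staticmethod
    def _open_private(path, mode, **kwargs):
        """Open *path* for writing, creating it with owner-only permissions."""
        import os  # local import: the surrounding section does not import os

        # 0o600 applies only when the file is created; an existing file keeps
        # whatever permissions it already has.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        try:
            return os.fdopen(fd, mode, **kwargs)
        except Exception:
            os.close(fd)  # do not leak the descriptor if wrapping fails
            raise

    def save_cookies_json(self):
        """Write ``self.cookies`` to ``self.filename`` as UTF-8 JSON."""
        with self._open_private(self.filename, 'w', encoding='utf-8') as f:
            json.dump(self.cookies, f, ensure_ascii=False, indent=2)
        print(f"Cookie已保存到 {self.filename}")

    def load_cookies_json(self):
        """Load cookies from ``self.filename`` and return them.

        Returns ``{}`` and leaves ``self.cookies`` untouched when the file
        does not exist. Malformed JSON is not handled here and propagates as
        ``json.JSONDecodeError``.
        """
        try:
            with open(self.filename, 'r', encoding='utf-8') as f:
                self.cookies = json.load(f)
            return self.cookies
        except FileNotFoundError:
            print("Cookie文件不存在")
            return {}

    def save_cookies_pickle(self):
        """Write ``self.cookies`` to ``cookies.pkl`` in the working directory.

        The path is fixed and ignores ``self.filename``.
        """
        with self._open_private('cookies.pkl', 'wb') as f:
            pickle.dump(self.cookies, f)

    def load_cookies_pickle(self):
        """Load cookies from ``cookies.pkl``; return ``{}`` if it is missing."""
        try:
            with open('cookies.pkl', 'rb') as f:
                # SECURITY: pickle.load runs code embedded in the file. Only
                # load a file this program wrote itself and that no other
                # user can replace; the JSON methods carry the same data
                # without that risk.
                self.cookies = pickle.load(f)
            return self.cookies
        except FileNotFoundError:
            return {}

    def add_cookie(self, name, value, **kwargs):
        """Store cookie *name* with *value*; extra keywords become its attributes."""
        self.cookies[name] = {
            'value': value,
            **kwargs
        }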
# 使用示例
def cookie_persistence_example():
    """Store two cookies, write them to ``cookies.json`` and read them back.

    The file lands in the current working directory because the manager is
    created with its default filename.
    """
    demo_entries = (
        ('session_id', 'xyz789', {'domain': 'example.com', 'path': '/'}),
        ('user_id', '12345', {'httponly': True}),
    )
    store = CookieManager()
    for name, value, attributes in demo_entries:
        store.add_cookie(name, value, **attributes)

    store.save_cookies_json()
    restored = store.load_cookies_json()
    print(f"加载的Cookie: {restored}")
完整的Web应用示例(Flask)
# 需要安装: pip install flask
from flask import Flask, request, make_response, jsonify
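import os
import secrets

app = Flask(__name__)
# The secret key signs the session cookie: whoever knows it can forge any
# session. It is read from the environment instead of being committed as a
# literal. The random fallback keeps a local demo working, but it invalidates
# existing sessions on every restart and differs between worker processes.
app.secret_key = os.environ.get('FLASK_SECRET_KEY') or secrets.token_hex(32)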
@app.route('/set_cookie')
def set_cookie():
    """Answer with two cookies: a plain one and a hardened one.

    ``session_id`` carries a fixed placeholder value. A real session
    identifier has to be unpredictable and issued per login, for example
    with the ``secrets`` module.
    """
    plain_options = {
        'max_age': 60 * 60 * 24,  # 24 hours, in seconds
        'path': '/',
        'domain': None,
        'secure': False,    # also sent over plain HTTP
        'httponly': False,  # readable by page scripts
        'samesite': 'Lax',
    }
    hardened_options = {
        # HttpOnly hides the cookie from page scripts. It limits what an XSS
        # bug can steal; it does not prevent XSS itself.
        'httponly': True,
        'secure': True,  # sent over HTTPS only
        'samesite': 'Strict',
    }

    resp = make_response('Cookie已设置')
    resp.set_cookie('username', '张三', **plain_options)
    resp.set_cookie('session_id', 'abc123', **hardened_options)
    return resp
@app.route('/get_cookie')
def get_cookie():
    """Return the request's cookies as JSON.

    NOTE(review): the response echoes every cookie, including HttpOnly ones
    such as ``session_id``, into a body that page scripts can read, which
    undoes what HttpOnly is for. Suitable for a local demo only.
    """
    jar = request.cookies
    payload = {
        'username': jar.get('username'),
        'session_id': jar.get('session_id'),
        'all_cookies': dict(jar),
    }
    return jsonify(payload)
@app.route('/delete_cookie')
def delete_cookie():
    """Ask the browser to drop the ``username`` and ``session_id`` cookies.

    Deleting only expires the cookie on the client, and the browser matches
    it by name, path and domain, so those must agree with the values used
    when the cookie was set. Any server-side session state has to be
    invalidated separately.
    """
    resp = make_response('Cookie已删除')
    for cookie_name in ('username', 'session_id'):
        resp.delete_cookie(cookie_name)
    return resp
@app.route('/set_signed_cookie')
def set_signed_cookie():
    """Store ``user_id`` and ``role`` in the Flask session cookie.

    Flask's default session is signed with ``app.secret_key`` but not
    encrypted: the client cannot alter the contents without the key, yet it
    can read them, so nothing confidential belongs in it.
    """
    from flask import session

    for field, content in (('user_id', 12345), ('role', 'admin')):
        session[field] = content
    # Lifetime comes from the configured PERMANENT_SESSION_LIFETIME.
    session.permanent = True
    return '签名Cookie已设置'
@app.route('/get_signed_cookie')
def get_signed_cookie():
    """Return ``user_id`` and ``role`` from the session as JSON.

    A key missing from the session comes back as ``null``.
    """
    from flask import session

    wanted = ('user_id', 'role')
    return jsonify({field: session.get(field) for field in wanted})
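if __name__ == '__main__':
    import os

    # debug=True turns on the Werkzeug interactive debugger, which lets anyone
    # who can reach the server run Python in this process. It stays off unless
    # explicitly requested for local development.
    app.run(debug=os.environ.get('FLASK_DEBUG') == '1')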
实用工具函数
import uuid
import hashlib
import time
from datetime import datetime, timedelta
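class CookieUtils:
    """Stateless helpers for cookie strings, identifiers and expiry checks."""

    @staticmethod
    def generate_session_id():
        """Return a fresh random identifier in UUID4 text form (36 characters).

        NOTE(review): for session tokens the standard library points to the
        ``secrets`` module; the UUID form is kept here so the return format
        stays the same.
        """
        return str(uuid.uuid4())

    @staticmethod
    def _reject_header_breakers(text, what):
        """Raise ``ValueError`` if *text* could split or extend a cookie header."""
        if any(ch == ';' or ord(ch) < 0x20 or ord(ch) == 0x7f for ch in text):
            raise ValueError(f"{what} contains ';' or a control character: {text!r}")

    @staticmethod
    def encrypt_cookie_value(value, secret_key):
        """Return a hex HMAC-SHA256 tag of *value* keyed with *secret_key*.

        Despite the name this does not encrypt: the result is a one-way tag
        from which *value* cannot be recovered. It serves to detect
        tampering: send the value together with its tag and compare tags
        with ``hmac.compare_digest``. HMAC replaces the earlier
        ``sha256(value + key)``, where different value/key splits of the same
        text produced the same digest.
        """
        import hmac  # local import: the surrounding section does not import hmac

        key = f"{secret_key}".encode()
        message = f"{value}".encode()
        return hmac.new(key, message, hashlib.sha256).hexdigest()

    @staticmethod
    def parse_cookie_string(cookie_string):
        """Split a ``name=value; name=value`` string into a dict.

        Items without ``=`` are skipped, names and values are stripped of
        surrounding whitespace, and a repeated name keeps its last value.
        Values are returned as sent, with no unquoting or percent-decoding.
        """
        cookies = {}
        if cookie_string:
            for item in cookie_string.split(';'):
                item = item.strip()
                if '=' in item:
                    # Split on the first '=' only; values may contain '='.
                    key, value = item.split('=', 1)
                    cookies[key.strip()] = value.strip()
        return cookies

    @staticmethod
    def format_cookie_dict(cookies_dict, **options):
        """Join *cookies_dict* and the given attributes into one cookie string.

        Recognised options: ``path``, ``domain``, ``max_age``, ``secure`` and
        ``httponly``. All pairs and attributes end up in a single string, so
        for a ``Set-Cookie`` header pass exactly one cookie.

        Raises:
            ValueError: if a name, value or attribute contains ``;`` or a
                control character, which would let caller-supplied text add
                attributes or split the header.
        """
        parts = []
        for key, value in cookies_dict.items():
            CookieUtils._reject_header_breakers(f"{key}", "cookie name")
            CookieUtils._reject_header_breakers(f"{value}", "cookie value")
            parts.append(f"{key}={value}")

        # Attributes shared by the whole string, in a fixed order.
        for option, label in (('path', 'Path'), ('domain', 'Domain'), ('max_age', 'Max-Age')):
            if option in options:
                CookieUtils._reject_header_breakers(f"{options[option]}", label)
                parts.append(f"{label}={options[option]}")
        if options.get('secure'):
            parts.append("Secure")
        if options.get('httponly'):
            parts.append("HttpOnly")
        return '; '.join(parts)

    @staticmethod
    def is_cookie_expired(cookie_expiry):
        """Return ``True`` if *cookie_expiry* lies in the past.

        ``None`` means "no expiry" and is never expired. A timezone-aware
        expiry is compared against an aware current time in the same zone;
        a naive expiry is compared against naive local time.
        """
        if cookie_expiry is None:
            return False
        # Comparing an aware datetime with a naive "now" raises TypeError,
        # so take "now" in the expiry's own timezone (None for naive values).
        now = datetime.now(cookie_expiry.tzinfo)
        return now > cookie_expiry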
# 使用示例
# The helpers are static methods, so the instance is only a convenient handle.
utils = CookieUtils()

session_id = utils.generate_session_id()
print(f"生成Session ID: {session_id}")

parsed = utils.parse_cookie_string('name=张三; age=25')
print(f"解析Cookie: {parsed}")

formatted = utils.format_cookie_dict({'session': 'abc'}, path='/', httponly=True)
print(f"格式化Cookie: {formatted}")
注意事项
- 安全性:
  - 敏感信息不要存储在Cookie中
  - 使用 httponly 阻止JavaScript读取Cookie,降低XSS窃取Cookie的风险
  - 使用 secure 确保仅通过HTTPS传输
  - 使用 SameSite 属性降低CSRF攻击风险
- 性能:
  - Cookie大小限制约4KB
  - 浏览器对Cookie数量有限制(一般50个/域)
  - 不要存储过多数据
- 编码:
  - Cookie值需要URL编码
  - 中文等特殊字符建议编码后存储
- 跨域:
  - Cookie默认不能跨域共享
  - 可以通过设置domain实现子域共享
这些方法涵盖了Python中处理Cookie的主要场景,你可以根据具体需求选择合适的方式。