本文目录导读:
- 使用 requests 库操作 Cookie
- 使用 http.cookiejar 模块
- 使用 Selenium 操作浏览器 Cookie
- Cookie 解析和处理
- 实战案例:自动登录和保持会话
- Cookie 安全注意事项
- 使用 Flask 框架操作 Cookie
我来详细讲解 Python 操作 Cookie 数据的几种常见方式:
使用 requests 库操作 Cookie
基本用法
import requests
# 方法1:直接设置 Cookie
url = "https://httpbin.org/cookies"
cookies = {"user": "admin", "session": "12345"}
response = requests.get(url, cookies=cookies)
print(response.text)
# 方法2:使用 CookieJar
from http.cookiejar import CookieJar
jar = CookieJar()
response = requests.get(url, cookies=jar)
会话维持
# 使用 Session 自动管理 Cookie
session = requests.Session()
# 第一次请求(登录)
login_data = {
"username": "user123",
"password": "pass123"
}
session.post("https://example.com/login", data=login_data)
# 后续请求自动携带 Cookie
response = session.get("https://example.com/dashboard")
print(response.text)
# 查看看所有 Cookie
for cookie in session.cookies:
print(f"{cookie.name}: {cookie.value}")
使用 http.cookiejar 模块
from http.cookiejar import CookieJar, Cookie
import urllib.request
# 创建 Cookie 管理器
cookie_jar = CookieJar()
# 手动创建 Cookie
from datetime import datetime, timedelta
cookie = Cookie(
version=0,
name='session_id',
value='abc123',
port=None,
port_specified=False,
domain='.example.com',
domain_specified=True,
domain_initial_dot=True,
path='/',
path_specified=True,
secure=False,
expires=int((datetime.now() + timedelta(days=30)).timestamp()),
discard=False,
comment=None,
comment_url=None,
rest={'HttpOnly': None},
rfc2109=False
)
# 添加 Cookie
cookie_jar.set_cookie(cookie)
# 创建 URL 处理器
opener = urllib.request.build_opener(
urllib.request.HTTPCookieProcessor(cookie_jar)
)
# 发送请求
response = opener.open("https://httpbin.org/cookies")
print(response.read().decode())
使用 Selenium 操作浏览器 Cookie
from selenium import webdriver
# 启动浏览器
driver = webdriver.Chrome()
driver.get("https://example.com")
# 获取所有 Cookie
cookies = driver.get_cookies()
print(cookies)
# 获取特定 Cookie
cookie = driver.get_cookie("session_id")
print(cookie)
# 添加 Cookie
new_cookie = {
"name": "user_id",
"value": "12345",
"domain": "example.com",
"path": "/",
"expiry": 1735689600 # 可选,Unix 时间戳
}
driver.add_cookie(new_cookie)
# 删除 Cookie
driver.delete_cookie("session_id") # 删除特定 Cookie
driver.delete_all_cookies() # 删除所有 Cookie
# 保存和加载 Cookie
import pickle
# 保存 Cookie 到文件
with open("cookies.pkl", "wb") as file:
pickle.dump(driver.get_cookies(), file)
# 从文件加载 Cookie
driver.get("https://example.com") # 先访问域名
with open("cookies.pkl", "rb") as file:
cookies = pickle.load(file)
for cookie in cookies:
driver.add_cookie(cookie)
Cookie 解析和处理
import http.cookies
# 解析 Cookie 字符串
cookie_string = "user=john; session=abc123; lang=zh-CN"
cookies = http.cookies.SimpleCookie(cookie_string)
# 访问 Cookie
print(cookies['user'].value) # 输出: john
# 遍历所有 Cookie
for key, morsel in cookies.items():
print(f"{key}: {morsel.value}")
print(f" 属性: {morsel.coded_value}")
# 创建新的 Cookie
new_cookie = http.cookies.SimpleCookie()
new_cookie['session'] = 'xyz789'
new_cookie['session']['domain'] = 'example.com'
new_cookie['session']['path'] = '/'
new_cookie['session']['httponly'] = True
new_cookie['session']['secure'] = True
new_cookie['session']['max-age'] = 3600 # 1小时
print(new_cookie.output()) # 输出完整的 Cookie 字符串
实战案例:自动登录和保持会话
import requests
from bs4 import BeautifulSoup
class WebsiteAgent:
def __init__(self):
self.session = requests.Session()
self.session.headers.update({
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
})
def login(self, login_url, username, password):
# 获取登录页面(获取 CSRF Token)
response = self.session.get(login_url)
soup = BeautifulSoup(response.text, 'html.parser')
# 提取 CSRF Token(示例)
csrf_token = soup.find('input', {'name': 'csrf_token'}).get('value')
# 提交登录
login_data = {
'username': username,
'password': password,
'csrf_token': csrf_token
}
response = self.session.post(login_url, data=login_data)
if response.status_code == 200:
print("登录成功")
return True
return False
def access_protected(self, url):
# 使用已保存的 Cookie 访问受保护页面
response = self.session.get(url)
return response.text
def save_cookies(self, filepath):
# 保存 Cookie 到文件
import json
cookies = [
{
'domain': c.domain,
'name': c.name,
'value': c.value,
'path': c.path,
'secure': c.secure
}
for c in self.session.cookies
]
with open(filepath, 'w') as f:
json.dump(cookies, f)
def load_cookies(self, filepath):
# 从文件加载 Cookie
import json
with open(filepath, 'r') as f:
cookies = json.load(f)
for cookie_data in cookies:
self.session.cookies.set(**cookie_data)
# 使用示例
agent = WebsiteAgent()
# 登录
if agent.login('https://example.com/login', 'user123', 'pass123'):
# 保存 Cookie
agent.save_cookies('my_cookies.json')
# 访问受保护页面
content = agent.access_protected('https://example.com/dashboard')
print(content)
Cookie 安全注意事项
import hmac
import hashlib
import base64
class CookieSecurity:
@staticmethod
def sign_cookie(value, secret_key):
"""签名 Cookie 以防篡改"""
signature = hmac.new(
secret_key.encode(),
value.encode(),
hashlib.sha256
).hexdigest()
return f"{value}.{signature}"
@staticmethod
def verify_cookie(signed_value, secret_key):
"""验证 Cookie 签名"""
parts = signed_value.split('.')
if len(parts) != 2:
return None
value, signature = parts
expected_sig = hmac.new(
secret_key.encode(),
value.encode(),
hashlib.sha256
).hexdigest()
# 安全比较,防止时序攻击
if hmac.compare_digest(signature, expected_sig):
return value
return None
@staticmethod
def encrypt_cookie(value, key):
"""加密 Cookie 中的敏感信息"""
from cryptography.fernet import Fernet
f = Fernet(base64.urlsafe_b64encode(key.encode().ljust(32)[:32]))
return f.encrypt(value.encode()).decode()
@staticmethod
def decrypt_cookie(encrypted_value, key):
"""解密 Cookie"""
from cryptography.fernet import Fernet
f = Fernet(base64.urlsafe_b64encode(key.encode().ljust(32)[:32]))
return f.decrypt(encrypted_value.encode()).decode()
# 使用示例
security = CookieSecurity()
secret = "my_secret_key_123"
# 签名 Cookie
signed = security.sign_cookie("user_id=12345", secret)
print(f"签名后的 Cookie: {signed}")
# 验证 Cookie
verified = security.verify_cookie(signed, secret)
print(f"验证结果: {verified}")
使用 Flask 框架操作 Cookie
from flask import Flask, request, make_response
app = Flask(__name__)
@app.route('/set_cookie')
def set_cookie():
response = make_response("Cookie 已设置")
# 设置 Cookie
response.set_cookie(
'username',
'john',
max_age=3600, # 过期时间(秒)
expires=None, # 可选:具体的过期时间
path='/', # Cookie 路径
domain=None, # Cookie 域名
secure=False, # 是否仅 HTTPS
httponly=True, # 是否仅 HTTP(防止 JS 访问)
samesite='Lax' # SameSite 策略
)
return response
@app.route('/update_cookie')
def update_cookie():
response = make_response("Cookie 已更新")
response.set_cookie('username', 'jane')
return response
@app.route('/delete_cookie')
def delete_cookie():
response = make_response("Cookie 已删除")
response.delete_cookie('username')
return response
@app.route('/read_cookies')
def read_cookies():
# 读取所有 Cookie
cookies = request.cookies
username = cookies.get('username', '未设置')
return f"用户名: {username}"
if __name__ == '__main__':
app.run()
这些方法涵盖了 Python 中操作 Cookie 的主要场景,从简单的 HTTP 请求到 Web 框架的应用都有涉及,选择哪种方法取决于你的具体需求和使用场景。
