Python Requests Cookie发送与管理教程 | Cookie操作 Session 持久化

Cookie概述

Cookie是服务器发送到用户浏览器并保存在本地的一小块数据，它会在浏览器下次向同一服务器再发起请求时被携带并发送到服务器上。

Cookie基本概念

Cookie属性	示例	说明	重要性
`name=value`	`session_id=abc123`	Cookie的名称和值	必需
`Domain`	`Domain=.example.com`	Cookie生效的域名	重要
`Path`	`Path=/api`	Cookie生效的路径	一般
`Expires/Max-Age`	`Max-Age=3600`	Cookie过期时间	重要
`HttpOnly`	`HttpOnly`	防止JavaScript访问	安全
`Secure`	`Secure`	仅通过HTTPS传输	安全
`SameSite`	`SameSite=Lax`	防止CSRF攻击	安全

Requests中的Cookie表示：

字典形式 - {'name': 'value'}，简单但无法设置属性
CookieJar对象 - requests.cookies.RequestsCookieJar，完整支持Cookie属性
Cookie对象 - http.cookiejar.Cookie，标准库Cookie对象

Cookie属性详解

import requests
from http.cookiejar import Cookie

# 创建一个完整的Cookie对象
cookie = Cookie(
    version=0,
    name='session_id',
    value='abc123def456',
    port=None,
    port_specified=False,
    domain='.example.com',
    domain_specified=True,
    domain_initial_dot=True,
    path='/',
    path_specified=True,
    secure=True,
    expires=1704067200,  # 2024-01-01 00:00:00
    discard=False,
    comment=None,
    comment_url=None,
    rest={'HttpOnly': None, 'SameSite': 'Lax'},
    rfc2109=False
)

print(f"Cookie名称: {cookie.name}")
print(f"Cookie值: {cookie.value}")
print(f"域名: {cookie.domain}")
print(f"路径: {cookie.path}")
print(f"安全: {cookie.secure}")
print(f"过期时间: {cookie.expires}")
print(f"HttpOnly: {'HttpOnly' in cookie.rest}")
print(f"SameSite: {cookie.rest.get('SameSite', '未设置')}")

# 将Cookie对象添加到CookieJar
from requests.cookies import RequestsCookieJar

jar = RequestsCookieJar()
jar.set_cookie(cookie)

# 查看CookieJar中的Cookie
print(f"\nCookieJar中的Cookie数量: {len(jar)}")
for c in jar:
    print(f"  {c.name}: {c.value}")

发送Cookie

Requests提供了多种发送Cookie的方式，可以根据需求选择合适的方法。

方法1：使用cookies参数

import requests

url = "https://httpbin.org/cookies"

# 最简单的Cookie发送方式
cookies = {
    'session_id': 'abc123',
    'user_id': '456',
    'theme': 'dark'
}

response = requests.get(url, cookies=cookies)

print(f"状态码: {response.status_code}")
if response.status_code == 200:
    data = response.json()
    print(f"发送的Cookie: {data['cookies']}")

方法2：使用CookieJar

import requests
from requests.cookies import RequestsCookieJar

url = "https://httpbin.org/cookies"

# 创建CookieJar对象
jar = RequestsCookieJar()

# 添加Cookie（可以设置属性）
jar.set('session_id', 'abc123',
        domain='httpbin.org',
        path='/cookies')
jar.set('user_id', '456',
        domain='httpbin.org',
        path='/')

response = requests.get(url, cookies=jar)

print(f"状态码: {response.status_code}")
if response.status_code == 200:
    data = response.json()
    print(f"发送的Cookie: {data['cookies']}")

复杂的Cookie发送示例

import requests
import urllib.parse

url = "https://httpbin.org/cookies"

# 1. 包含特殊字符的Cookie
cookies = {
    'user_name': '张三',  # 中文字符
    'session_data': 'a=b&c=d',  # 包含特殊字符
    'json_data': '{"id": 123, "name": "test"}',  # JSON数据
    'empty_value': '',  # 空值
}

# 2. 从Cookie字符串解析
cookie_string = "session_id=abc123; user_id=456; theme=dark; expires=Fri, 01 Jan 2024 00:00:00 GMT"

# 解析Cookie字符串
parsed_cookies = {}
for item in cookie_string.split(';'):
    item = item.strip()
    if '=' in item:
        name, value = item.split('=', 1)
        parsed_cookies[name] = value
    else:
        # 处理属性（如expires, HttpOnly等）
        print(f"Cookie属性: {item}")

cookies.update(parsed_cookies)

# 3. 发送Cookie
response = requests.get(url, cookies=cookies)

print(f"状态码: {response.status_code}")
if response.status_code == 200:
    data = response.json()

    print("\n发送的Cookie:")
    for name, value in data['cookies'].items():
        print(f"  {name}: {value}")

    # 查看请求头中的Cookie
    print(f"\n请求头中的Cookie:")
    print(response.request.headers.get('Cookie', '无'))

Cookie发送注意事项：

自动编码 - Requests会自动对Cookie值进行URL编码
大小限制 - 单个Cookie通常不超过4KB
数量限制 - 每个域名通常不超过50个Cookie
属性限制 - 字典形式的Cookie无法设置属性（domain, path等）
敏感信息 - 避免在Cookie中存储敏感信息

接收Cookie

Requests可以从服务器响应中接收Cookie，并存储在响应对象的cookies属性中。

基本Cookie接收

import requests

# 测试服务器设置Cookie的端点
url_set = "https://httpbin.org/cookies/set"
url_get = "https://httpbin.org/cookies"

# 1. 服务器设置Cookie
response = requests.get(f"{url_set}/session_id/abc123")
print(f"设置Cookie状态码: {response.status_code}")

# 查看响应头中的Set-Cookie
print("Set-Cookie头:")
for header, value in response.headers.items():
    if header.lower() == 'set-cookie':
        print(f"  {value}")

# 2. 查看响应中的Cookie（通过重定向）
print(f"\n响应中的Cookie数量: {len(response.cookies)}")
for cookie in response.cookies:
    print(f"  {cookie.name}: {cookie.value}")
    print(f"    域名: {cookie.domain}")
    print(f"    路径: {cookie.path}")
    print(f"    过期: {cookie.expires}")

# 3. 使用接收到的Cookie发送请求
if response.cookies:
    # 创建一个新请求，使用接收到的Cookie
    cookies_dict = {c.name: c.value for c in response.cookies}

    response2 = requests.get(url_get, cookies=cookies_dict)
    print(f"\n使用接收到的Cookie请求状态码: {response2.status_code}")

    if response2.status_code == 200:
        data = response2.json()
        print(f"服务器接收到的Cookie: {data['cookies']}")

处理多个Cookie

import requests

url = "https://httpbin.org/cookies/set"

# 服务器设置多个Cookie（通过多个Set-Cookie头）
# 注意：httpbin的/set端点只能设置一个Cookie
# 我们使用多个请求来模拟

# 模拟服务器设置多个Cookie
cookie_endpoints = [
    f"{url}/session_id/abc123",
    f"{url}/user_id/456",
    f"{url}/theme/dark",
    f"{url}/language/zh-CN"
]

# 收集所有Cookie
all_cookies = {}

for endpoint in cookie_endpoints:
    response = requests.get(endpoint)

    # 将Cookie添加到字典
    for cookie in response.cookies:
        all_cookies[cookie.name] = cookie.value

    print(f"从 {endpoint} 获取Cookie: {response.cookies}")

print(f"\n收集到的所有Cookie: {all_cookies}")

# 使用所有Cookie发送请求
response = requests.get("https://httpbin.org/cookies", cookies=all_cookies)

if response.status_code == 200:
    data = response.json()
    print(f"\n服务器接收到的Cookie: {data['cookies']}")

    # 比较发送和接收的Cookie
    sent_count = len(all_cookies)
    received_count = len(data['cookies'])

    if sent_count == received_count:
        print("✓ 所有Cookie都成功发送并接收")
    else:
        print(f"⚠ Cookie数量不匹配: 发送{sent_count}个, 接收{received_count}个")

Cookie属性解析

import requests
from http.cookies import SimpleCookie

def parse_set_cookie_header(set_cookie_header):
    """解析Set-Cookie响应头"""
    cookie = SimpleCookie()
    cookie.load(set_cookie_header)

    parsed = {}
    for key, morsel in cookie.items():
        parsed[key] = {
            'value': morsel.value,
            'attributes': dict(morsel)
        }

    return parsed

# 模拟带属性的Set-Cookie头
set_cookie_headers = [
    'session_id=abc123; Path=/; HttpOnly; Secure; SameSite=Lax',
    'user_pref=dark_theme; Max-Age=3600; Domain=.example.com',
    'tracking_id=xyz789; Expires=Fri, 01 Jan 2024 00:00:00 GMT'
]

print("解析Set-Cookie头:")
for header in set_cookie_headers:
    print(f"\n原始头: {header}")

    parsed = parse_set_cookie_header(header)
    for name, info in parsed.items():
        print(f"  Cookie: {name}")
        print(f"    值: {info['value']}")
        print(f"    属性: {info['attributes']}")

# 实际从响应中解析
response = requests.get('https://httpbin.org/cookies/set/test/value')
set_cookie = response.headers.get('Set-Cookie', '')

if set_cookie:
    print(f"\n实际响应中的Set-Cookie: {set_cookie}")
    parsed = parse_set_cookie_header(set_cookie)
    print(f"解析结果: {parsed}")

Session自动管理Cookie

使用Session对象可以自动处理Cookie的发送和接收，简化Cookie管理。

不使用Session

import requests

# 不使用Session，需要手动管理Cookie
cookies = {}

# 第一次请求：获取Cookie
response1 = requests.get(
    'https://httpbin.org/cookies/set/session/abc123'
)
# 手动保存Cookie
for cookie in response1.cookies:
    cookies[cookie.name] = cookie.value

# 第二次请求：手动携带Cookie
response2 = requests.get(
    'https://httpbin.org/cookies',
    cookies=cookies
)

print(f"第一次请求状态码: {response1.status_code}")
print(f"第二次请求状态码: {response2.status_code}")
print(f"手动管理的Cookie: {cookies}")

使用Session

import requests

# 使用Session，自动管理Cookie
session = requests.Session()

# 第一次请求：自动保存Cookie
response1 = session.get(
    'https://httpbin.org/cookies/set/session/abc123'
)

# 第二次请求：自动携带Cookie
response2 = session.get('https://httpbin.org/cookies')

print(f"第一次请求状态码: {response1.status_code}")
print(f"第二次请求状态码: {response2.status_code}")

# 查看Session中的Cookie
print(f"Session中的Cookie数量: {len(session.cookies)}")
for cookie in session.cookies:
    print(f"  {cookie.name}: {cookie.value}")

使用Session的优势：

自动Cookie管理 - 无需手动保存和发送Cookie
跨请求保持状态 - 模拟浏览器会话行为
性能优化 - 连接池重用，减少连接建立时间
简化代码 - 减少重复的Cookie处理代码
属性保持 - 保持Cookie的domain、path等属性

完整Session示例

import requests

class CookieSession:
    """Cookie会话管理器"""

    def __init__(self):
        self.session = requests.Session()
        self.request_count = 0

    def request(self, method, url, **kwargs):
        """发送请求并记录Cookie"""
        self.request_count += 1

        print(f"\n=== 请求 #{self.request_count} ===")
        print(f"URL: {url}")
        print(f"方法: {method}")

        # 发送前的Cookie
        print(f"发送前Cookie数量: {len(self.session.cookies)}")

        # 发送请求
        response = self.session.request(method, url, **kwargs)

        # 发送后的Cookie
        print(f"发送后Cookie数量: {len(self.session.cookies)}")

        # 新接收的Cookie
        new_cookies = []
        for cookie in response.cookies:
            new_cookies.append(f"{cookie.name}={cookie.value}")

        if new_cookies:
            print(f"新接收的Cookie: {', '.join(new_cookies)}")

        return response

    def get_cookies(self):
        """获取当前所有Cookie"""
        cookies = {}
        for cookie in self.session.cookies:
            cookies[cookie.name] = {
                'value': cookie.value,
                'domain': cookie.domain,
                'path': cookie.path,
                'expires': cookie.expires
            }
        return cookies

    def clear_cookies(self):
        """清除所有Cookie"""
        self.session.cookies.clear()
        print("已清除所有Cookie")

    def close(self):
        """关闭Session"""
        self.session.close()
        print("Session已关闭")

# 使用示例
print("=== CookieSession 使用示例 ===")
cookie_session = CookieSession()

# 模拟登录流程
print("\n1. 访问登录页面")
response = cookie_session.request(
    'GET',
    'https://httpbin.org/cookies/set/session_id/login_abc123'
)

print("\n2. 提交登录表单")
response = cookie_session.request(
    'POST',
    'https://httpbin.org/cookies/set/user_id/456',
    data={'username': 'test', 'password': 'test123'}
)

print("\n3. 访问需要认证的页面")
response = cookie_session.request(
    'GET',
    'https://httpbin.org/cookies'
)

if response.status_code == 200:
    data = response.json()
    print(f"服务器接收到的Cookie: {data['cookies']}")

print("\n4. 获取所有Cookie")
all_cookies = cookie_session.get_cookies()
print(f"当前管理的Cookie:")
for name, info in all_cookies.items():
    print(f"  {name}: {info['value']} (domain: {info['domain']})")

# 清理
cookie_session.clear_cookies()
cookie_session.close()

Session的Cookie策略

import requests
from requests.cookies import RequestsCookieJar

class SmartSession:
    """智能Session，提供更灵活的Cookie管理"""

    def __init__(self, cookie_policy='strict'):
        """
        cookie_policy:
          - 'strict': 严格遵循Cookie属性（domain, path等）
          - 'lax': 宽松策略，忽略部分属性
          - 'none': 不自动管理Cookie
        """
        self.session = requests.Session()
        self.cookie_policy = cookie_policy
        self.cookie_history = []  # 记录Cookie变化

    def _should_send_cookie(self, cookie, url):
        """判断是否应该发送Cookie"""
        if self.cookie_policy == 'none':
            return False

        # 解析URL
        from urllib.parse import urlparse
        parsed_url = urlparse(url)

        # 检查domain
        if cookie.domain:
            if self.cookie_policy == 'strict':
                # 严格模式：检查domain匹配
                if not parsed_url.netloc.endswith(cookie.domain.lstrip('.')):
                    return False
            # 宽松模式：忽略domain检查

        # 检查path
        if cookie.path:
            if not parsed_url.path.startswith(cookie.path):
                return False

        # 检查secure
        if cookie.secure and not parsed_url.scheme == 'https':
            return False

        # 检查过期
        if cookie.expires and cookie.expires < time.time():
            return False

        return True

    def request(self, method, url, cookies=None, **kwargs):
        """发送请求"""

        # 如果提供了cookies参数，添加到请求中
        request_cookies = RequestsCookieJar()

        # 添加Session管理的Cookie（根据策略）
        if self.cookie_policy != 'none':
            for cookie in self.session.cookies:
                if self._should_send_cookie(cookie, url):
                    request_cookies.set_cookie(cookie)

        # 添加用户提供的Cookie
        if cookies:
            if isinstance(cookies, dict):
                for name, value in cookies.items():
                    request_cookies.set(name, value)
            elif isinstance(cookies, RequestsCookieJar):
                for cookie in cookies:
                    request_cookies.set_cookie(cookie)

        # 记录发送前的状态
        before_count = len(self.session.cookies)

        # 发送请求
        response = self.session.request(
            method, url,
            cookies=request_cookies if request_cookies else None,
            **kwargs
        )

        # 记录变化
        after_count = len(self.session.cookies)
        new_cookies = after_count - before_count

        self.cookie_history.append({
            'url': url,
            'method': method,
            'cookies_sent': len(request_cookies),
            'cookies_received': new_cookies,
            'timestamp': time.time()
        })

        return response

    def get_cookie_report(self):
        """获取Cookie报告"""
        report = {
            'total_requests': len(self.cookie_history),
            'total_cookies_sent': sum(h['cookies_sent'] for h in self.cookie_history),
            'total_cookies_received': sum(h['cookies_received'] for h in self.cookie_history),
            'current_cookies': len(self.session.cookies),
            'policy': self.cookie_policy
        }
        return report

# 使用示例
import time

print("=== SmartSession 使用示例 ===")
smart_session = SmartSession(cookie_policy='strict')

# 发送几个请求
urls = [
    'https://httpbin.org/cookies/set/test1/value1',
    'https://httpbin.org/cookies/set/test2/value2',
    'https://httpbin.org/headers'
]

for i, url in enumerate(urls):
    print(f"\n请求 {i+1}: {url}")
    response = smart_session.request('GET', url)
    print(f"状态码: {response.status_code}")

# 获取报告
report = smart_session.get_cookie_report()
print(f"\nCookie报告:")
for key, value in report.items():
    print(f"  {key}: {value}")

smart_session.session.close()

CookieJar对象

CookieJar是Requests中管理Cookie的核心对象，它提供了完整的Cookie存储和管理功能。

CookieJar基本操作

import requests
from requests.cookies import RequestsCookieJar

# 创建CookieJar
jar = RequestsCookieJar()

print(f"空的CookieJar: {jar}")
print(f"Cookie数量: {len(jar)}")

# 添加Cookie（简单方式）
jar.set('session_id', 'abc123')
jar.set('user_id', '456', domain='example.com')
jar.set('theme', 'dark', path='/admin', secure=True)

print(f"\n添加Cookie后:")
print(f"Cookie数量: {len(jar)}")

# 遍历Cookie
for cookie in jar:
    print(f"\nCookie: {cookie.name}")
    print(f"  值: {cookie.value}")
    print(f"  域名: {cookie.domain}")
    print(f"  路径: {cookie.path}")
    print(f"  安全: {cookie.secure}")
    print(f"  过期: {cookie.expires}")

# 获取特定Cookie
session_cookie = jar.get('session_id')
if session_cookie:
    print(f"\n获取session_id: {session_cookie.value}")

# 检查Cookie是否存在
print(f"\n检查Cookie存在:")
print(f"  session_id 存在: {'session_id' in jar}")
print(f"  not_exist 存在: {'not_exist' in jar}")

# 删除Cookie
if 'theme' in jar:
    jar.clear('theme')
    print(f"\n删除theme后数量: {len(jar)}")

# 清空所有Cookie
jar.clear()
print(f"清空后数量: {len(jar)}")

CookieJar高级操作

import requests
from requests.cookies import RequestsCookieJar
from http.cookiejar import Cookie

# 创建两个CookieJar并合并
jar1 = RequestsCookieJar()
jar1.set('cookie1', 'value1', domain='example.com')

jar2 = RequestsCookieJar()
jar2.set('cookie2', 'value2', domain='example.org')
jar2.set('cookie1', 'updated_value', domain='example.com')  # 覆盖

# 合并CookieJar
jar1.update(jar2)
print(f"合并后Cookie数量: {len(jar1)}")
for cookie in jar1:
    print(f"  {cookie.name}: {cookie.value} (domain: {cookie.domain})")

# 从字典创建CookieJar
cookie_dict = {
    'session': 'abc123',
    'user': 'john_doe',
    'prefs': 'dark_mode'
}

jar_from_dict = RequestsCookieJar()
for name, value in cookie_dict.items():
    jar_from_dict.set(name, value)

print(f"\n从字典创建的CookieJar:")
for cookie in jar_from_dict:
    print(f"  {cookie.name}: {cookie.value}")

# CookieJar转换为字典
cookie_dict_back = {cookie.name: cookie.value for cookie in jar_from_dict}
print(f"\n转换回字典: {cookie_dict_back}")

# 过滤Cookie
def filter_cookies_by_domain(jar, domain_pattern):
    """根据域名过滤Cookie"""
    filtered = RequestsCookieJar()
    for cookie in jar:
        if cookie.domain and domain_pattern in cookie.domain:
            filtered.set_cookie(cookie)
    return filtered

# 使用示例
jar = RequestsCookieJar()
jar.set('global', 'value1', domain='.example.com')
jar.set('sub', 'value2', domain='api.example.com')
jar.set('other', 'value3', domain='other.com')

filtered = filter_cookies_by_domain(jar, 'example.com')
print(f"\n过滤example.com域名的Cookie:")
for cookie in filtered:
    print(f"  {cookie.name}: {cookie.value} (domain: {cookie.domain})")

# Cookie过期管理
import time

def remove_expired_cookies(jar):
    """移除过期的Cookie"""
    current_time = time.time()
    expired = []

    for cookie in jar:
        if cookie.expires and cookie.expires < current_time:
            expired.append(cookie.name)

    for name in expired:
        jar.clear(name)

    return expired

# 设置一些会过期的Cookie
jar.set('temp1', 'value1', expires=time.time() + 10)  # 10秒后过期
jar.set('temp2', 'value2', expires=time.time() - 10)  # 已过期
jar.set('perm', 'value3')  # 不过期

print(f"\n过期Cookie检查:")
expired = remove_expired_cookies(jar)
print(f"  移除的过期Cookie: {expired}")
print(f"  剩余Cookie数量: {len(jar)}")

Cookie持久化存储

将Cookie保存到文件或数据库，以便在不同运行会话之间保持登录状态。

方法1：文件存储

import pickle
import requests
from requests.cookies import RequestsCookieJar

def save_cookies_to_file(cookie_jar, filename):
    """保存CookieJar到文件"""
    with open(filename, 'wb') as f:
        pickle.dump(cookie_jar, f)
    print(f"Cookie已保存到 {filename}")

def load_cookies_from_file(filename):
    """从文件加载CookieJar"""
    try:
        with open(filename, 'rb') as f:
            cookie_jar = pickle.load(f)
        print(f"Cookie已从 {filename} 加载")
        return cookie_jar
    except FileNotFoundError:
        print(f"文件 {filename} 不存在，返回空的CookieJar")
        return RequestsCookieJar()

# 使用示例
session = requests.Session()

# 获取一些Cookie
session.get('https://httpbin.org/cookies/set/test_cookie/persisted_value')

# 保存Cookie
save_cookies_to_file(session.cookies, 'cookies.pkl')

# 新会话中加载
new_session = requests.Session()
new_session.cookies = load_cookies_from_file('cookies.pkl')

# 验证加载的Cookie
response = new_session.get('https://httpbin.org/cookies')
if response.status_code == 200:
    data = response.json()
    print(f"加载的Cookie: {data.get('cookies', {})}")

方法2：JSON存储

import json
import requests
from requests.cookies import RequestsCookieJar
from http.cookiejar import Cookie

class JSONCookieStorage:
    """JSON格式的Cookie存储"""

    @staticmethod
    def save(cookie_jar, filename):
        """保存CookieJar为JSON"""
        cookies_data = []

        for cookie in cookie_jar:
            cookie_dict = {
                'name': cookie.name,
                'value': cookie.value,
                'domain': cookie.domain,
                'path': cookie.path,
                'expires': cookie.expires,
                'secure': cookie.secure,
                'rest': cookie.rest
            }
            cookies_data.append(cookie_dict)

        with open(filename, 'w', encoding='utf-8') as f:
            json.dump(cookies_data, f, indent=2, ensure_ascii=False)

        print(f"Cookie已保存为JSON到 {filename}")

    @staticmethod
    def load(filename):
        """从JSON加载CookieJar"""
        jar = RequestsCookieJar()

        try:
            with open(filename, 'r', encoding='utf-8') as f:
                cookies_data = json.load(f)

            for cookie_dict in cookies_data:
                cookie = Cookie(
                    version=0,
                    name=cookie_dict['name'],
                    value=cookie_dict['value'],
                    port=None,
                    port_specified=False,
                    domain=cookie_dict['domain'],
                    domain_specified=bool(cookie_dict['domain']),
                    domain_initial_dot=cookie_dict['domain'].startswith('.') if cookie_dict['domain'] else False,
                    path=cookie_dict['path'],
                    path_specified=bool(cookie_dict['path']),
                    secure=cookie_dict['secure'],
                    expires=cookie_dict['expires'],
                    discard=False,
                    comment=None,
                    comment_url=None,
                    rest=cookie_dict.get('rest', {}),
                    rfc2109=False
                )
                jar.set_cookie(cookie)

            print(f"Cookie已从JSON文件 {filename} 加载")
        except FileNotFoundError:
            print(f"文件 {filename} 不存在")

        return jar

完整的Cookie管理器

import pickle
import json
import sqlite3
import hashlib
import requests
from typing import Optional, Dict, Any
from requests.cookies import RequestsCookieJar

class PersistentCookieManager:
    """持久的Cookie管理器"""

    def __init__(self, storage_type='file', storage_path='cookies.db'):
        """
        storage_type: 'file' (pickle), 'json', 'sqlite'
        """
        self.storage_type = storage_type
        self.storage_path = storage_path
        self.sessions = {}  # 存储多个会话的Cookie

    def save_session(self, session_name: str, session: requests.Session) -> bool:
        """保存会话的Cookie"""
        if session_name not in self.sessions:
            self.sessions[session_name] = {}

        # 提取Cookie信息
        cookies_info = []
        for cookie in session.cookies:
            cookies_info.append({
                'name': cookie.name,
                'value': cookie.value,
                'domain': cookie.domain,
                'path': cookie.path,
                'expires': cookie.expires,
                'secure': cookie.secure,
                'httponly': 'HttpOnly' in cookie.rest
            })

        self.sessions[session_name] = {
            'cookies': cookies_info,
            'timestamp': time.time(),
            'user_agent': session.headers.get('User-Agent', '')
        }

        # 保存到存储
        return self._save_to_storage()

    def load_session(self, session_name: str) -> Optional[requests.Session]:
        """加载会话的Cookie"""
        if not self.sessions:
            self._load_from_storage()

        if session_name not in self.sessions:
            print(f"会话 {session_name} 不存在")
            return None

        # 创建新Session并设置Cookie
        session = requests.Session()
        session_info = self.sessions[session_name]

        # 设置User-Agent
        if session_info['user_agent']:
            session.headers['User-Agent'] = session_info['user_agent']

        # 添加Cookie
        for cookie_info in session_info['cookies']:
            jar = session.cookies

            # 创建Cookie对象
            from http.cookiejar import Cookie
            cookie = Cookie(
                version=0,
                name=cookie_info['name'],
                value=cookie_info['value'],
                port=None,
                port_specified=False,
                domain=cookie_info['domain'],
                domain_specified=bool(cookie_info['domain']),
                domain_initial_dot=cookie_info['domain'].startswith('.') if cookie_info['domain'] else False,
                path=cookie_info['path'],
                path_specified=bool(cookie_info['path']),
                secure=cookie_info['secure'],
                expires=cookie_info['expires'],
                discard=False,
                comment=None,
                comment_url=None,
                rest={'HttpOnly': None} if cookie_info.get('httponly') else {},
                rfc2109=False
            )
            jar.set_cookie(cookie)

        print(f"已加载会话 {session_name}，包含 {len(session_info['cookies'])} 个Cookie")
        return session

    def _save_to_storage(self) -> bool:
        """保存到存储"""
        try:
            if self.storage_type == 'file':
                with open(self.storage_path, 'wb') as f:
                    pickle.dump(self.sessions, f)
            elif self.storage_type == 'json':
                with open(self.storage_path, 'w', encoding='utf-8') as f:
                    json.dump(self.sessions, f, indent=2, ensure_ascii=False)
            elif self.storage_type == 'sqlite':
                self._save_to_sqlite()
            else:
                raise ValueError(f"不支持的存储类型: {self.storage_type}")

            print(f"Cookie已保存到 {self.storage_path}")
            return True

        except Exception as e:
            print(f"保存Cookie失败: {e}")
            return False

    def _load_from_storage(self) -> bool:
        """从存储加载"""
        try:
            if self.storage_type == 'file':
                with open(self.storage_path, 'rb') as f:
                    self.sessions = pickle.load(f)
            elif self.storage_type == 'json':
                with open(self.storage_path, 'r', encoding='utf-8') as f:
                    self.sessions = json.load(f)
            elif self.storage_type == 'sqlite':
                self._load_from_sqlite()
            else:
                raise ValueError(f"不支持的存储类型: {self.storage_type}")

            print(f"Cookie已从 {self.storage_path} 加载")
            return True

        except FileNotFoundError:
            print(f"存储文件 {self.storage_path} 不存在")
            self.sessions = {}
            return False
        except Exception as e:
            print(f"加载Cookie失败: {e}")
            self.sessions = {}
            return False

    def _save_to_sqlite(self):
        """保存到SQLite数据库"""
        conn = sqlite3.connect(self.storage_path)
        cursor = conn.cursor()

        # 创建表
        cursor.execute('''
            CREATE TABLE IF NOT EXISTS sessions (
                id INTEGER PRIMARY KEY AUTOINCREMENT,
                name TEXT UNIQUE,
                user_agent TEXT,
                timestamp REAL,
                cookies_json TEXT
            )
        ''')

        # 保存每个会话
        for name, data in self.sessions.items():
            cookies_json = json.dumps(data['cookies'], ensure_ascii=False)
            cursor.execute('''
                INSERT OR REPLACE INTO sessions (name, user_agent, timestamp, cookies_json)
                VALUES (?, ?, ?, ?)
            ''', (name, data['user_agent'], data['timestamp'], cookies_json))

        conn.commit()
        conn.close()

    def _load_from_sqlite(self):
        """从SQLite数据库加载"""
        conn = sqlite3.connect(self.storage_path)
        cursor = conn.cursor()

        cursor.execute('''
            SELECT name, user_agent, timestamp, cookies_json
            FROM sessions
        ''')

        for row in cursor.fetchall():
            name, user_agent, timestamp, cookies_json = row
            cookies = json.loads(cookies_json)
            self.sessions[name] = {
                'cookies': cookies,
                'timestamp': timestamp,
                'user_agent': user_agent
            }

        conn.close()

    def list_sessions(self):
        """列出所有保存的会话"""
        if not self.sessions:
            self._load_from_storage()

        print("保存的会话:")
        for name, data in self.sessions.items():
            age = time.time() - data['timestamp']
            print(f"  {name}: {len(data['cookies'])} 个Cookie, {age:.0f} 秒前")

    def delete_session(self, session_name: str) -> bool:
        """删除会话"""
        if session_name in self.sessions:
            del self.sessions[session_name]
            self._save_to_storage()
            print(f"已删除会话 {session_name}")
            return True
        return False

# 使用示例
import time

print("=== PersistentCookieManager 使用示例 ===")

# 创建管理器
manager = PersistentCookieManager(storage_type='json', storage_path='sessions.json')

# 创建并保存一个会话
session1 = requests.Session()
session1.headers['User-Agent'] = 'TestClient/1.0'

# 模拟获取Cookie
session1.get('https://httpbin.org/cookies/set/login_token/abc123')
session1.get('https://httpbin.org/cookies/set/user_id/456')

# 保存会话
manager.save_session('test_user', session1)

# 列出所有会话
manager.list_sessions()

# 加载会话
loaded_session = manager.load_session('test_user')
if loaded_session:
    response = loaded_session.get('https://httpbin.org/cookies')
    if response.status_code == 200:
        data = response.json()
        print(f"加载的会话Cookie: {data.get('cookies', {})}")

# 清理测试文件
import os
if os.path.exists('sessions.json'):
    os.remove('sessions.json')
    print("\n已清理测试文件")

Cookie安全

Cookie安全对于保护用户会话和敏感信息至关重要。

Cookie安全风险：

会话劫持 - 攻击者窃取Cookie冒充用户
跨站脚本(XSS) - 通过JavaScript窃取Cookie
跨站请求伪造(CSRF) - 利用用户的Cookie发起恶意请求
信息泄露 - Cookie中存储敏感信息
中间人攻击 - 在传输过程中窃取Cookie

安全Cookie设置

import requests
from requests.cookies import RequestsCookieJar

class SecureCookieManager:
    """安全的Cookie管理器"""

    @staticmethod
    def create_secure_cookie_jar():
        """创建安全的CookieJar"""
        jar = RequestsCookieJar()

        # 安全Cookie示例
        secure_cookies = {
            'session_id': {
                'value': 'encrypted_session_data',
                'secure': True,      # 仅HTTPS
                'httponly': True,    # 防止JavaScript访问
                'samesite': 'Strict', # 防止CSRF
                'path': '/',
                'max_age': 3600      # 1小时过期
            },
            'xsrf_token': {
                'value': 'random_token_123',
                'secure': True,
                'httponly': False,   # 需要JavaScript访问
                'samesite': 'Strict',
                'path': '/'
            }
        }

        for name, attrs in secure_cookies.items():
            jar.set(
                name,
                attrs['value'],
                secure=attrs.get('secure', False),
                path=attrs.get('path', '/')
            )

            # 设置HttpOnly和SameSite（需要特殊处理）
            cookie = jar.get(name)
            if cookie:
                rest = cookie.rest.copy()
                if attrs.get('httponly'):
                    rest['HttpOnly'] = None
                if attrs.get('samesite'):
                    rest['SameSite'] = attrs['samesite']
                cookie.rest = rest

        return jar

    @staticmethod
    def validate_cookie_security(cookie_jar):
        """验证Cookie的安全性"""
        security_issues = []

        for cookie in cookie_jar:
            issues = []

            # 检查Secure标志（仅对HTTPS必要）
            if 'secure' not in cookie.rest and cookie.secure is not True:
                issues.append('缺少Secure标志')

            # 检查HttpOnly（会话Cookie应该设置）
            if 'HttpOnly' not in cookie.rest and cookie.name.startswith('session'):
                issues.append('会话Cookie缺少HttpOnly')

            # 检查SameSite
            if 'SameSite' not in cookie.rest:
                issues.append('缺少SameSite标志')

            # 检查过期时间
            if cookie.expires is None:
                issues.append('没有设置过期时间（会话Cookie除外）')

            if issues:
                security_issues.append({
                    'cookie': cookie.name,
                    'issues': issues
                })

        return security_issues

    @staticmethod
    def encrypt_cookie_value(value, secret_key):
        """加密Cookie值"""
        import hashlib
        import hmac

        # 使用HMAC签名
        signature = hmac.new(
            secret_key.encode('utf-8'),
            value.encode('utf-8'),
            hashlib.sha256
        ).hexdigest()

        # 组合值和签名
        encrypted = f"{value}:{signature}"
        return encrypted

    @staticmethod
    def decrypt_cookie_value(encrypted_value, secret_key):
        """解密并验证Cookie值"""
        import hashlib
        import hmac

        if ':' not in encrypted_value:
            return None

        value, signature = encrypted_value.rsplit(':', 1)

        # 验证签名
        expected_signature = hmac.new(
            secret_key.encode('utf-8'),
            value.encode('utf-8'),
            hashlib.sha256
        ).hexdigest()

        if hmac.compare_digest(signature, expected_signature):
            return value
        else:
            return None

# 使用示例
print("=== 安全Cookie示例 ===")

# 创建安全CookieJar
secure_jar = SecureCookieManager.create_secure_cookie_jar()

print("安全CookieJar内容:")
for cookie in secure_jar:
    print(f"\n{cookie.name}:")
    print(f"  值: {cookie.value}")
    print(f"  Secure: {cookie.secure}")
    print(f"  HttpOnly: {'HttpOnly' in cookie.rest}")
    print(f"  SameSite: {cookie.rest.get('SameSite', '未设置')}")

# 验证安全性
issues = SecureCookieManager.validate_cookie_security(secure_jar)
if issues:
    print("\n安全性问题:")
    for issue in issues:
        print(f"  Cookie '{issue['cookie']}': {', '.join(issue['issues'])}")
else:
    print("\n✓ 所有Cookie都符合安全要求")

# Cookie加密示例
secret_key = "my_secret_key_123"
original_value = "user_id=123&role=admin"

encrypted = SecureCookieManager.encrypt_cookie_value(original_value, secret_key)
print(f"\n加密前: {original_value}")
print(f"加密后: {encrypted}")

decrypted = SecureCookieManager.decrypt_cookie_value(encrypted, secret_key)
print(f"解密后: {decrypted}")

# 测试篡改
tampered = encrypted.replace('admin', 'hacker')
decrypted_tampered = SecureCookieManager.decrypt_cookie_value(tampered, secret_key)
print(f"篡改后解密: {decrypted_tampered} (应该为None)")

高级Cookie操作

1. 域名和路径匹配

import requests
from urllib.parse import urlparse

class DomainPathMatcher:
    """域名和路径匹配器"""

    @staticmethod
    def domain_matches(cookie_domain, request_domain):
        """检查域名是否匹配"""
        if not cookie_domain:
            return True

        # 移除开头的点
        cookie_domain = cookie_domain.lstrip('.')

        # 检查完全匹配或后缀匹配
        if cookie_domain == request_domain:
            return True

        # 检查子域名匹配
        if request_domain.endswith('.' + cookie_domain):
            return True

        return False

    @staticmethod
    def path_matches(cookie_path, request_path):
        """检查路径是否匹配"""
        if not cookie_path:
            return True

        # Cookie路径应该是请求路径的前缀
        if request_path.startswith(cookie_path):
            # 特殊处理：如果cookie_path不以/结尾，且request_path不是精确匹配
            if cookie_path.endswith('/'):
                return True
            elif request_path == cookie_path:
                return True
            elif request_path.startswith(cookie_path + '/'):
                return True

        return False

    @staticmethod
    def get_cookies_for_url(cookie_jar, url):
        """获取适用于指定URL的Cookie"""
        parsed = urlparse(url)
        domain = parsed.netloc
        path = parsed.path or '/'

        matching_cookies = []

        for cookie in cookie_jar:
            # 检查域名
            if not DomainPathMatcher.domain_matches(cookie.domain, domain):
                continue

            # 检查路径
            if not DomainPathMatcher.path_matches(cookie.path, path):
                continue

            # 检查Secure标志
            if cookie.secure and parsed.scheme != 'https':
                continue

            # 检查过期
            if cookie.expires and cookie.expires < time.time():
                continue

            matching_cookies.append(cookie)

        return matching_cookies

# 使用示例
import time

print("=== 域名和路径匹配示例 ===")

# 创建测试CookieJar
jar = requests.cookies.RequestsCookieJar()
jar.set('global_cookie', 'value1', domain='.example.com', path='/')
jar.set('api_cookie', 'value2', domain='api.example.com', path='/api')
jar.set('secure_cookie', 'value3', domain='secure.example.com', path='/', secure=True)
jar.set('expired_cookie', 'value4', domain='example.com', path='/', expires=time.time()-3600)

# 测试不同URL
test_urls = [
    'https://www.example.com/',
    'https://api.example.com/api/users',
    'http://example.com/',  # 非HTTPS
    'https://secure.example.com/admin',
]

for url in test_urls:
    print(f"\nURL: {url}")
    matching = DomainPathMatcher.get_cookies_for_url(jar, url)

    if matching:
        for cookie in matching:
            print(f"  匹配: {cookie.name} (domain={cookie.domain}, path={cookie.path})")
    else:
        print("  没有匹配的Cookie")

2. Cookie监控和审计

import requests
import time
from typing import Dict, List
from collections import defaultdict

class CookieAuditor:
    """Cookie监控和审计器"""

    def __init__(self):
        self.history = []
        self.domain_stats = defaultdict(lambda: {'sent': 0, 'received': 0})
        self.cookie_names = set()

    def monitor_session(self, session: requests.Session):
        """监控Session的Cookie活动"""
        original_request = session.request

        def monitored_request(method, url, **kwargs):
            # 记录请求前状态
            before_cookies = {c.name: c.value for c in session.cookies}

            # 发送请求
            response = original_request(method, url, **kwargs)

            # 记录请求后状态
            after_cookies = {c.name: c.value for c in session.cookies}

            # 分析变化
            sent_cookies = kwargs.get('cookies', {})
            if isinstance(sent_cookies, dict):
                sent_count = len(sent_cookies)
            elif hasattr(sent_cookies, '__len__'):
                sent_count = len(sent_cookies)
            else:
                sent_count = 0

            received_cookies = []
            for name in set(after_cookies.keys()) - set(before_cookies.keys()):
                received_cookies.append(name)
                self.cookie_names.add(name)

            # 更新域名统计
            from urllib.parse import urlparse
            domain = urlparse(url).netloc

            self.domain_stats[domain]['sent'] += sent_count
            self.domain_stats[domain]['received'] += len(received_cookies)

            # 记录历史
            self.history.append({
                'timestamp': time.time(),
                'method': method,
                'url': url,
                'status_code': response.status_code,
                'cookies_sent': sent_count,
                'cookies_received': received_cookies,
                'domain': domain
            })

            return response

        # 替换Session的request方法
        session.request = monitored_request
        return session

    def get_report(self) -> Dict:
        """获取审计报告"""
        total_requests = len(self.history)
        total_sent = sum(h['cookies_sent'] for h in self.history)
        total_received = sum(len(h['cookies_received']) for h in self.history)

        # 最活跃的域名
        domains_by_activity = sorted(
            self.domain_stats.items(),
            key=lambda x: x[1]['sent'] + x[1]['received'],
            reverse=True
        )[:5]

        # Cookie使用统计
        cookie_usage = defaultdict(int)
        for h in self.history:
            for cookie_name in h['cookies_received']:
                cookie_usage[cookie_name] += 1

        most_common_cookies = sorted(
            cookie_usage.items(),
            key=lambda x: x[1],
            reverse=True
        )[:5]

        return {
            'total_requests': total_requests,
            'total_cookies_sent': total_sent,
            'total_cookies_received': total_received,
            'unique_cookie_names': len(self.cookie_names),
            'most_active_domains': dict(domains_by_activity),
            'most_common_cookies': dict(most_common_cookies),
            'time_period': {
                'start': min(h['timestamp'] for h in self.history) if self.history else 0,
                'end': max(h['timestamp'] for h in self.history) if self.history else 0
            }
        }

    def print_report(self):
        """打印审计报告"""
        report = self.get_report()

        print("=== Cookie审计报告 ===")
        print(f"总请求数: {report['total_requests']}")
        print(f"发送的Cookie总数: {report['total_cookies_sent']}")
        print(f"接收的Cookie总数: {report['total_cookies_received']}")
        print(f"唯一的Cookie名称: {report['unique_cookie_names']}")

        if report['time_period']['start']:
            duration = report['time_period']['end'] - report['time_period']['start']
            print(f"监控时长: {duration:.0f} 秒")

        print("\n最活跃的域名:")
        for domain, stats in report['most_active_domains'].items():
            print(f"  {domain}: 发送{stats['sent']}, 接收{stats['received']}")

        print("\n最常见的Cookie:")
        for name, count in report['most_common_cookies'].items():
            print(f"  {name}: {count} 次")

# 使用示例
print("=== Cookie审计示例 ===")

# 创建Session和监控器
session = requests.Session()
auditor = CookieAuditor()

# 监控Session
monitored_session = auditor.monitor_session(session)

# 模拟一些请求
urls = [
    'https://httpbin.org/cookies/set/test1/value1',
    'https://httpbin.org/cookies/set/test2/value2',
    'https://httpbin.org/cookies',
    'https://httpbin.org/cookies/delete?test1',
    'https://httpbin.org/cookies'
]

for i, url in enumerate(urls):
    print(f"\n请求 {i+1}: {url}")
    response = monitored_session.get(url)
    print(f"状态码: {response.status_code}")

# 获取报告
print("\n")
auditor.print_report()

# 关闭Session
session.close()

Python Requests库

Requests Cookie的发送与管理

本页内容

Cookie概述

Cookie基本概念

Requests中的Cookie表示：

Cookie属性详解

发送Cookie

复杂的Cookie发送示例

Cookie发送注意事项：

接收Cookie

基本Cookie接收

处理多个Cookie

Cookie属性解析

Session自动管理Cookie

使用Session的优势：

完整Session示例

Session的Cookie策略

Cookie持久化存储

完整的Cookie管理器

Cookie安全

Cookie安全风险：

安全Cookie设置

高级Cookie操作

1. 域名和路径匹配

2. Cookie监控和审计

总结

Python Requests库

Requests Cookie的发送与管理

Cookie Jar

本页内容

Cookie概述

Cookie工作流程

Cookie基本概念

Requests中的Cookie表示：

Cookie属性详解

发送Cookie

复杂的Cookie发送示例

Cookie发送注意事项：

接收Cookie

基本Cookie接收

处理多个Cookie

Cookie属性解析

Session自动管理Cookie

使用Session的优势：

完整Session示例

Session的Cookie策略

CookieJar对象

CookieJar基本操作

CookieJar高级操作

Cookie持久化存储

完整的Cookie管理器

Cookie安全

Cookie安全风险：

安全Cookie设置

高级Cookie操作

1. 域名和路径匹配

2. Cookie监控和审计

总结