擅长:python、mysql、java
<p>目前最简单的方法是使用<a href="http://packages.python.org/itsdangerous/">ItsDangerous</a>库:</p>
<blockquote>
<p>You can serialize and sign a user ID for unsubscribing of newsletters into URLs. This way you don’t need to generate one-time tokens and store them in the database. Same thing with any kind of activation link for accounts and similar things.</p>
</blockquote>
<p>您还可以嵌入一个时间戳,以便非常容易地设置时间段,而不必涉及数据库或队列。它都是加密签名的,所以你可以很容易地看到它是否被篡改了。</p>
<pre><code>>>> from itsdangerous import TimestampSigner
>>> s = TimestampSigner('secret-key')
>>> string = s.sign('foo')
>>> s.unsign(string, max_age=5)
Traceback (most recent call last):
...
itsdangerous.SignatureExpired: Signature age 15 > 5 seconds
</code></pre>