diff --git a/app.py b/app.py
index f61ee585..8d3743e9 100755
--- a/app.py
+++ b/app.py
@@ -384,20 +384,23 @@ if USE_REDIS_SESSION:
 Session(app)
 print("✅ Flask-Session (Redis) 已初始化,支持多 Worker 共享 session")
- # 确保 session 使用永久模式(解决 Flask-Session 0.8.0 默认 1 小时 TTL 问题)
+ # 确保 session 使用永久模式并刷新 TTL(解决 Flask-Session 0.8.0 TTL 问题)
 @app.before_request
- def make_session_permanent():
- """每次请求开始时确保 session 是永久的,使用 PERMANENT_SESSION_LIFETIME 作为 TTL"""
+ def refresh_session_ttl():
+ """
+ 每次请求开始时:
+ 1. 确保 session 是永久的,使用 PERMANENT_SESSION_LIFETIME 作为 TTL
+ 2. 标记 session 为已修改,触发 Redis TTL 刷新
+
+ 注意:必须在 before_request 中设置 session.modified = True
+ 因为 Flask-Session 的 save_session 在 after_request 之前执行
+ 如果在 after_request 中设置,TTL 不会被刷新
+ """
 from flask import session
 session.permanent = True
-
- # 确保每次请求后刷新 session TTL(解决 session 过早过期问题)
- @app.after_request
- def refresh_session(response):
- """每次请求后标记 session 为已修改,触发 Redis TTL 刷新"""
- from flask import session
- session.modified = True
- return response
+ # 只有当 session 中有用户数据时才刷新 TTL(避免为匿名用户创建 session)
+ if session.get('user_id') or session.get('_user_id'):
+ session.modified = True
 # 配置邮件
 app.config['MAIL_SERVER'] = MAIL_SERVER
diff --git a/nginx-110.42.32.207.conf b/nginx-110.42.32.207.conf
index 2321ba78..69325eed 100644
--- a/nginx-110.42.32.207.conf
+++ b/nginx-110.42.32.207.conf
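Review bot: The refresh via `session.modified = True` gives authenticated sessions a sliding expiry with no upper bound — any session that sees one request per PERMANENT_SESSION_LIFETIME is renewed forever, so a leaked cookie or an unattended logged-in browser never expires on its own; consider recording a login timestamp at authentication and skipping the refresh (or clearing the session) once `time.time() - session.get('login_at', 0)` exceeds an absolute maximum. Separately, the new comment says the `user_id` guard avoids creating sessions for anonymous users, but `session.permanent = True` still runs before that guard on every request, and in my reading of Flask the `permanent` setter writes a `_permanent` key into the session dict, which Flask-Session's callback dict treats as a modification and persists regardless of the guard — worth verifying by watching Redis during a fresh anonymous request; if confirmed, moving the assignment under the condition (`if session.get('user_id') or session.get('_user_id'):` / `session.permanent = True` / `session.modified = True`) matches the stated intent. The enclosing `if USE_REDIS_SESSION:` block begins outside the hunk.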
@@ -491,16 +491,19 @@ server {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
- # 隐藏后端返回的 CORS 头(避免重复)
+ # 隐藏后端返回的可能冲突的头
 proxy_hide_header Access-Control-Allow-Origin;
 proxy_hide_header Access-Control-Allow-Credentials;
 proxy_hide_header Access-Control-Allow-Methods;
 proxy_hide_header Access-Control-Allow-Headers;
+ proxy_hide_header X-Content-Type-Options;
+ proxy_hide_header Cross-Origin-Resource-Policy;
- # 统一添加 CORS 头
+ # 解决 ORB 问题
 add_header 'Access-Control-Allow-Origin' '*' always;
 add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
 add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept' always;
+ add_header 'Cross-Origin-Resource-Policy' 'cross-origin' always;
 proxy_cache_valid 200 1d;
 expires 1d;
@@ -515,16 +518,19 @@ server {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
- # 隐藏后端返回的 CORS 头(避免重复)
+ # 隐藏后端返回的可能冲突的头
 proxy_hide_header Access-Control-Allow-Origin;
 proxy_hide_header Access-Control-Allow-Credentials;
 proxy_hide_header Access-Control-Allow-Methods;
 proxy_hide_header Access-Control-Allow-Headers;
+ proxy_hide_header X-Content-Type-Options;
+ proxy_hide_header Cross-Origin-Resource-Policy;
- # CORS 头(解决 ERR_BLOCKED_BY_ORB)
+ # 解决 ORB 问题
 add_header 'Access-Control-Allow-Origin' '*' always;
 add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
 add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept' always;
+ add_header 'Cross-Origin-Resource-Policy' 'cross-origin' always;
 proxy_cache_valid 200 1d;
 expires 1d;
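Review bot: `proxy_hide_header X-Content-Type-Options;` strips the backend's `nosniff` protection from this location and none of the `add_header` lines below re-add it, so browsers are again permitted to sniff these responses into a type other than the declared one. ERR_BLOCKED_BY_ORB, which the removed comment in the sibling hunk names as the motivation, is normally triggered by a Content-Type that does not match the body (an image served as text/html or application/octet-stream, for instance), and allowing sniffing only papers over that mismatch; the durable fix is to make the upstream, or an nginx `types`/`default_type` setting for this location, emit the correct Content-Type and keep `add_header 'X-Content-Type-Options' 'nosniff' always;` alongside the new CORP header. The `location` line this sits under is outside the hunk, so I cannot see what resources it serves.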
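Review bot: The `add_header` directives in this location, now four of them with the added `Cross-Origin-Resource-Policy`, make nginx discard every `add_header` inherited from the enclosing `server` block — `add_header` is replaced wholesale at the first level where it is redefined, not merged — so any HSTS, X-Frame-Options or Content-Security-Policy headers set at server level (not visible in the hunk, so this is inferred) would stop being sent for these responses. If such headers exist, repeat them here or move the common set into a snippet and `include security-headers.conf;` from both the server block and this location. The wildcard origin is only safe because `Access-Control-Allow-Credentials` stays hidden; a comment tying the two together, e.g. `# wildcard origin is safe only while Allow-Credentials is hidden above`, would keep a later edit from separating them.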
@@ -618,16 +624,19 @@ server {
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
- # 隐藏后端返回的 CORS 头(避免重复)
+ # 隐藏后端返回的可能冲突的头
 proxy_hide_header Access-Control-Allow-Origin;
 proxy_hide_header Access-Control-Allow-Credentials;
 proxy_hide_header Access-Control-Allow-Methods;
 proxy_hide_header Access-Control-Allow-Headers;
+ proxy_hide_header X-Content-Type-Options;
+ proxy_hide_header Cross-Origin-Resource-Policy;
- # CORS 头(解决 ERR_BLOCKED_BY_ORB)
+ # 解决 ORB 问题
 add_header 'Access-Control-Allow-Origin' '*' always;
 add_header 'Access-Control-Allow-Methods' 'GET, OPTIONS' always;
 add_header 'Access-Control-Allow-Headers' 'Origin, Content-Type, Accept' always;
+ add_header 'Cross-Origin-Resource-Policy' 'cross-origin' always;
 proxy_cache_valid 200 1d;
 proxy_cache_bypass $http_cache_control;
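Review bot: `add_header 'Cross-Origin-Resource-Policy' 'cross-origin' always;` together with `Access-Control-Allow-Origin: *` declares every response from this location readable and embeddable by any origin, and with `proxy_cache_valid 200 1d` that decision is cached and replayed to all clients for a day. That is the right setting only for purely public static assets; the `location` line is outside the hunk so I cannot confirm it, but if any response here varies with the requester's cookie (a per-user avatar, an export), CORP `cross-origin` lets a third-party page embed it in a no-cors context with the user's cookies attached, and `same-site` or a narrower location is the safer default. A comment above the `add_header` block recording the assumption would help the next editor, e.g. `# public, non-personalised assets only: CORS wildcard + CORP cross-origin are safe here`.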