且构网

Sharing the things programmers deal with in development...
Apache Cookie Decryption (Flask Session)

Updated: 2023-02-22 14:02:03

The session cookie is not encrypted. It is json encoded, compressed, base64 encoded, and cryptographically signed. It uses the itsdangerous package to accomplish this. The session cookie is not meant to be convenient to read outside Flask. You could of course reverse this process (separate the signature, validate it, decode the payload, and decompress it). However, it would make more sense to let Flask do this, and just do the logging from the app.

For reference, the format of the cookie is:

  • starts with . if the data is compressed (uses zlib)
  • data (base64 encoded, possibly compressed, json encoded)
  • . separates data and signature
  • signature (hmac by default)

Looking into the source for itsdangerous and Flask will show the specifics of what you would need to reverse if you were to try to read this in Apache.
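The reverse process described above (separate the signature, validate it, decode the payload, decompress it), as an added standard-library example that is not part of the original answer and is not Flask's or itsdangerous's own code. It assumes Flask's default signer settings (salt `cookie-session`, HMAC-SHA1 with an HMAC-derived key) and accounts for the timestamp field Flask places between the data and the signature, which the list above leaves out; `read_session`, `make_cookie`, `SECRET` and the sample cookies are hypothetical names and constructed values.

```python
import base64, hashlib, hmac, json, time, zlib

SALT = b"cookie-session"  # assumed: the salt Flask uses for session cookies

def b64d(s: bytes) -> bytes:
    return base64.urlsafe_b64decode(s + b"=" * (-len(s) % 4))  # restore padding

def b64e(b: bytes) -> bytes:
    return base64.urlsafe_b64encode(b).rstrip(b"=")

def sign(secret: bytes, value: bytes) -> bytes:
    # Assumed defaults: key = HMAC-SHA1(secret, salt); sig = HMAC-SHA1(key, value)
    key = hmac.new(secret, SALT, hashlib.sha1).digest()
    return b64e(hmac.new(key, value, hashlib.sha1).digest())

def read_session(cookie: str, secret: bytes, max_age=None, now=None) -> dict:
    value, sep, sig = cookie.encode().rpartition(b".")
    # Verify first: an unverified payload is attacker-controlled and should
    # never be logged or acted on as if it were the real session.
    if not sep or not hmac.compare_digest(sig, sign(secret, value)):
        raise ValueError("bad signature")
    payload, _, ts = value.rpartition(b".")
    issued = int.from_bytes(b64d(ts), "big")
    current = time.time() if now is None else now
    if max_age is not None and current - issued > max_age:
        raise ValueError("expired")
    compressed = payload.startswith(b".")  # leading "." marks zlib data
    raw = b64d(payload[1:] if compressed else payload)
    if compressed:
        raw = zlib.decompress(raw)
    return {"issued": issued, "data": json.loads(raw)}

def make_cookie(data: dict, secret: bytes, issued: int) -> str:
    # Builds the constructed sample cookies below; for this example only.
    raw = json.dumps(data, separators=(",", ":")).encode()
    packed = zlib.compress(raw)
    use_zlib = len(packed) < len(raw) - 1  # compress only when it saves space
    payload = b"." + b64e(packed) if use_zlib else b64e(raw)
    ts = b64e(issued.to_bytes(8, "big").lstrip(b"\x00"))
    value = payload + b"." + ts
    return (value + b"." + sign(secret, value)).decode()

SECRET = b"constructed-secret"  # constructed value, not a real key
SMALL = make_cookie({"user_id": 42}, SECRET, 1700000000)
LARGE = make_cookie({"cart": ["item"] * 50}, SECRET, 1700000000)
```

Values that Flask tags for non-JSON types (such as bytes or datetimes) come back from `read_session` in their tagged dictionary form rather than as the original Python objects.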