Adds server-side session support to your Quart application
Project description
Quart-Session
Quart-Session is an extension for Quart that adds support for server-side sessions to your application.
Based on flask-session.
Quick start
Quart-Session can be installed via pipenv or pip,
$ pipenv install quart-session
$ pip install quart-session
and requires Python 3.7.0 or higher. A minimal Quart-Session example is:
from quart import Quart, session
from quart_session import Session

app = Quart(__name__)
app.config['SESSION_TYPE'] = 'redis'
Session(app)

@app.route('/')
async def hello():
    session["foo"] = "bar"
    return "session key 'foo' set"

@app.route('/foo')
async def foo():
    return session.get("foo", "session key 'foo' not found")

app.run()
Features
Redis
via redis>=4.4.0.
app = Quart(__name__)
app.config['SESSION_TYPE'] = 'redis'
Session(app)
By default, Quart-Session connects to Redis at 127.0.0.1:6379. If you have a different location, use SESSION_URI:
app = Quart(__name__)
app.config['SESSION_TYPE'] = 'redis'
app.config['SESSION_URI'] = 'redis://:password@localhost:6379'
Alternatively, for extra control, you may provide your own aioredis.Client instance altogether.
app = Quart(__name__)
app.config['SESSION_TYPE'] = 'redis'

@app.before_serving
async def setup():
    cache = await aioredis.Redis(
        host="foobar.com",
        port=6379,
        password="foobar"
    )
    # The client must be in the config before Session() reads it.
    app.config['SESSION_REDIS'] = cache
    Session(app)
Trio
Quart-Session comes with an (experimental) Redis client for use with the Trio eventloop.
from quart_trio import QuartTrio
from quart_session.redis_trio.client import RedisTrio
app = QuartTrio(__name__)
app.config['SESSION_TYPE'] = 'redis'
Session(app)
Memcached
via aiomcache.
app = Quart(__name__)
app.config['SESSION_TYPE'] = 'memcached'
Session(app)
MongoDB
via motor.
app = Quart(__name__)
app.config['SESSION_TYPE'] = 'mongodb'
app.config['SESSION_MONGODB_URI'] = 'mongodb://localhost:27017/my_database'
app.config['SESSION_MONGODB_COLLECTION'] = 'sessions'
Session(app)
JSON serializer
flask-session uses pickle for session data while Quart-Session uses a JSON serializer capable of serializing the usual JSON types, as well as: Tuple, Bytes, Markup, UUID, and DateTime.
JSON as session data allows for greater interoperability with other programs/languages that might want to read session data straight from a back-end.
If for some unholy reason you prefer pickle or your own serializer,
app = Quart(__name__)
app.config['SESSION_TYPE'] = 'redis'
Session(app)
try:
    import cPickle as pickle
except ImportError:
    import pickle
app.session_interface.serialize = pickle
Back-end usage
At any point you may interface with the session back-end directly:
from quart_session.sessions import SessionInterface
@app.route("/")
async def hello():
    cache: SessionInterface = app.session_interface
    await cache.set("random_key", "val", expiry=3600)
    data = await cache.get("random_key")
The interface will have the get, set, and delete methods available (regardless of back-end - similar to how aiocache works).
Performance
flask-session sets a session for each incoming request, including static files. From experience, this often puts unneeded load on underlying session infrastructure, especially in high-traffic environments.
Quart-Session only contacts the back-end when a session is changed (or created). In addition, static file serves never emit a Set-Cookie header. If you'd like to enable this though, set SESSION_STATIC_FILE to True.
Session pinning
Associates a user's session with their IP address. This mitigates cookie stealing via XSS etc., and is handy for web applications that require extra security.
app = Quart(__name__)
app.config['SESSION_TYPE'] = 'redis'
app.config['SESSION_PROTECTION'] = True
Session(app)
Session reuse from a different IP will now result in the creation of a new session, and the deletion of the old.
Important: If your application is behind a reverse proxy, it most likely provides the X-Forwarded-For header which you must make use of by explicitly setting SESSION_REVERSE_PROXY to True.
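An added sketch of the pinning behaviour described above (not Quart-Session's own code): an in-memory store that binds each session to the client address and rotates the session when the address changes. PinnedSessionStore, its methods and all addresses are hypothetical, and taking the right-most X-Forwarded-For entry assumes a single trusted proxy that appends the address it saw.

```python
import secrets


class PinnedSessionStore:
    """In-memory stand-in for the session back-end (hypothetical class)."""

    def __init__(self, reverse_proxy=False):
        self.reverse_proxy = reverse_proxy  # plays the role of SESSION_REVERSE_PROXY
        self.records = {}  # sid -> {"ip": str, "data": dict}

    def client_ip(self, peer_addr, headers):
        # Behind a proxy the TCP peer is the proxy itself, so all clients
        # would share one address unless X-Forwarded-For is consulted.
        forwarded = headers.get("X-Forwarded-For", "") if self.reverse_proxy else ""
        hops = [h.strip() for h in forwarded.split(",") if h.strip()]
        # Assumption: one trusted proxy that appends the address it saw, so
        # only the right-most entry is trusted; earlier ones are client input.
        return hops[-1] if hops else peer_addr

    def open(self, sid, peer_addr, headers):
        """Return (sid, data) for this request, enforcing the IP pin."""
        ip = self.client_ip(peer_addr, headers)
        record = self.records.get(sid)
        if record is not None and record["ip"] == ip:
            return sid, record["data"]
        # Unknown sid, or reuse from another address: drop the old record
        # and hand out a fresh, server-generated sid.
        self.records.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self.records[new_sid] = {"ip": ip, "data": {}}
        return new_sid, self.records[new_sid]["data"]


def demo():
    proxy = "10.0.0.2"  # constructed addresses throughout
    pinned = PinnedSessionStore(reverse_proxy=True)
    sid, data = pinned.open(None, proxy, {"X-Forwarded-For": "203.0.113.5"})
    data["foo"] = "bar"
    same, _ = pinned.open(sid, proxy, {"X-Forwarded-For": "203.0.113.5"})
    moved, fresh = pinned.open(sid, proxy, {"X-Forwarded-For": "198.51.100.9"})
    # Without the proxy setting both clients look like 10.0.0.2: no pinning.
    naive = PinnedSessionStore(reverse_proxy=False)
    nsid, _ = naive.open(None, proxy, {"X-Forwarded-For": "203.0.113.5"})
    reused, _ = naive.open(nsid, proxy, {"X-Forwarded-For": "198.51.100.9"})
    return {"kept": same == sid, "rotated": moved != sid and fresh == {},
            "old_deleted": sid not in pinned.records, "naive_reuse": reused == nsid}


if __name__ == "__main__":
    print(demo())
```

The last case in demo() shows why the proxy setting matters: when only the peer address is compared, every client behind the proxy shares one address and the pin never triggers.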
Future development
- FileSystemSessionInterface
- GoogleCloudDatastoreSessionInterface
- Pytest
Flask-Session
This library works very similarly to flask-session. The changes are specified below:
- Quart-Session does not emit a Set-Cookie on every request.
- Quart-Session does not emit a Set-Cookie on static file serves.
- Quart-Session uses a different serializer: quart.json.tag.TaggedJSONSerializer instead of pickle.
- Quart-Session disallows the client to supply their own made up sid cookie value.
- Quart-Session can do session protection.
- Quart-Session might not have all the back-end interfaces implemented (yet), such as "filesystem".
Help
Find the Quart folk on gitter or open an issue.
License
BSD
Download files
Source Distribution
File details
Details for the file Quart-Session-3.0.0.tar.gz.
File metadata
- Download URL: Quart-Session-3.0.0.tar.gz
- Upload date:
- Size: 14.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | b9c466c705773f13141b210ac6b20381b667c6a518e7aa49bb134cdde80f3bb6
MD5 | 4899654afa467b5cd6c52aa013af8f97
BLAKE2b-256 | 1c1587047bb2139166cd8ee7f18148b7d7cf58f60b71d27e978fd47f7db6fd2b