Skip to main content

sessions for aiohttp.web

Project description

aiohttp_session

https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml/badge.svg?branch=master https://codecov.io/github/aio-libs/aiohttp-session/coverage.svg?branch=master https://readthedocs.org/projects/aiohttp-session/badge/?version=latest https://img.shields.io/pypi/v/aiohttp-session.svg

The library provides sessions for aiohttp.web.

Usage

The library allows us to store user-specific data into a session object.

The session object has a dict-like interface (operations like session[key] = value, value = session[key] etc. are present).

Before processing the session in a web-handler, you have to register the session middleware in aiohttp.web.Application.

A trivial usage example:

import time
from cryptography import fernet
from aiohttp import web
from aiohttp_session import setup, get_session
from aiohttp_session.cookie_storage import EncryptedCookieStorage


async def handler(request):
    session = await get_session(request)
    last_visit = session['last_visit'] if 'last_visit' in session else None
    session['last_visit'] = time.time()
    text = 'Last visited: {}'.format(last_visit)
    return web.Response(text=text)


def make_app():
    app = web.Application()
    fernet_key = fernet.Fernet.generate_key()
    f = fernet.Fernet(fernet_key)
    setup(app, EncryptedCookieStorage(f))
    app.router.add_get('/', handler)
    return app


web.run_app(make_app())

All storages use an HTTP Cookie named AIOHTTP_SESSION for storing data. This can be modified by passing the keyword argument cookie_name to the storage class of your choice.

Available session storages are:

  • aiohttp_session.SimpleCookieStorage() – keeps session data as a plain JSON string in the cookie body. Use the storage only for testing purposes, it’s very non-secure.

  • aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key) – stores the session data into a cookie as SimpleCookieStorage but encodes it via AES cipher. secrect_key is a bytes key for AES encryption/decryption, the length should be 32 bytes.

    Requires cryptography library:

    $ pip install aiohttp_session[secure]
  • aiohttp_session.redis_storage.RedisStorage(redis_pool) – stores JSON encoded data in redis, keeping only the redis key (a random UUID) in the cookie. redis_pool is a redis object, created by await aioredis.from_url(...) call.

    $ pip install aiohttp_session[aioredis]

Developing

Install for local development:

$ make setup

Run linters:

$ make lint

Run tests:

$ make test

Third party extensions

License

aiohttp_session is offered under the Apache 2 license.

2.12.0 (2022-10-28)

  • Migrated from aioredis to redis (if using redis without installing aiohttp-session[aioredis] then it will be necessary to manually install redis).

2.11.0 (2021-01-31)

  • Support initialising EncryptedCookieStorage with Fernet object directly.

  • Fix an issue where the session would get reset before the cookie expiry.

2.10.0 (2021-12-30)

  • Typing support

  • Add samesite cookie option

  • Support aioredis 2

2.9.0 (2019-11-04)

  • Fix memcached expiring time (#398)

2.8.0 (2019-09-17)

  • Make this compatible with Python 3.7+. Import from collections.abc, instead of from collections. (#373)

2.7.0 (2018-10-13)

  • Reset a session if the session age > max_age (#331)

  • Reset a session on TTL expiration for EncryptedCookieStorage (#326)

2.6.0 (2018-09-12)

  • Create a new session if NaClCookieStorage cannot decode a corrupted cookie (#317)

2.5.0 (2018-05-12)

  • Add an API for requesting new session explicitly (#281)

2.4.0 (2018-05-04)

  • Fix a bug for session fixation (#272)

2.3.0 (2018-02-13)

  • Support custom encoder and decoder by all storages (#252)

  • Bump to aiohttp 3.0

2.2.0 (2018-01-31)

  • Fixed the formatting of an error handling bad middleware return types. (#249)

2.1.0 (2017-11-24)

  • Add session.set_new_identity() method for changing identity for a new session (#236)

2.0.1 (2017-11-22)

  • Replace assertions in aioredis installation checks by RuntimeError (#235)

2.0.0 (2017-11-21)

  • Update to aioredis 1.0+. The aiohttp-session 2.0 is not compatible with aioredis 0.X (#234)

1.2.1 (2017-11-20)

  • Pin aioredis<1.0 (#231)

1.2.0 (2017-11-06)

  • Add MemcachedStorage (#224)

1.1.0 (2017-11-03)

  • Upgrade middleware to new style from aiohttp 2.3+

1.0.1 (2017-09-13)

  • Add key_factory attribute for redis_storage (#205)

1.0.0 (2017-07-27)

  • Catch decoder exception in RedisStorage on data load (#175)

  • Specify domain and path on cookie deletion (#171)

0.8.0 (2016-12-04)

  • Use time.time() instead of time.monotonic() for absolute times (#81)

0.7.0 (2016-09-24)

  • Fix tests to be compatible with aiohttp upstream API for client cookies

0.6.0 (2016-09-08)

  • Add expires field automatically to support older browsers (#43)

  • Respect session.max_age in redis storage #45

  • Always pass default max_age from storage into session (#45)

0.5.0 (2016-02-21)

  • Handle cryptography.fernet.InvalidToken exception by providing an empty session (#29)

0.4.0 (2016-01-06)

  • Add optional NaCl encrypted storage (#20)

  • Relax EncryptedCookieStorage to accept base64 encoded string, e.g. generated by Fernet.generate_key.

  • Add setup() function

  • Save the session even on exception in the middleware chain

0.3.0 (2015-11-20)

  • Reflect aiohttp changes: minimum required Python version is 3.4.1

  • Use explicit ‘aiohttp_session’ package

0.2.0 (2015-09-07)

  • Add session.created property (#14)

  • Replaced PyCrypto with crypthography library (#16)

0.1.2 (2015-08-07)

  • Add manifest file (#15)

0.1.1 (2015-04-20)

  • Fix #7: stop cookie name growing each time session is saved

0.1.0 (2015-04-13)

  • First public release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

aiohttp-session-2.12.0.tar.gz (92.8 kB view details)

Uploaded Source

Built Distribution

aiohttp_session-2.12.0-py3-none-any.whl (12.5 kB view details)

Uploaded Python 3

File details

Details for the file aiohttp-session-2.12.0.tar.gz.

File metadata

  • Download URL: aiohttp-session-2.12.0.tar.gz
  • Upload date:
  • Size: 92.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.8.10

File hashes

Hashes for aiohttp-session-2.12.0.tar.gz
Algorithm Hash digest
SHA256 0ccd11a7c77cb9e5a61f4daacdc9170d561112f9cfaf9e9a2d9867c0587d1950
MD5 b89bde69f6f3c61a991ff408d2733838
BLAKE2b-256 34878dbc1385c875497d6bc16c9d94e25dbd8ff62599843b73fb4048ba74c867

See more details on using hashes here.

File details

Details for the file aiohttp_session-2.12.0-py3-none-any.whl.

File metadata

File hashes

Hashes for aiohttp_session-2.12.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f0bf0caa2f5b5a56cb50a45f98d61f60d8523322099a2857410530149706f5e5
MD5 e0f46a5773a644fa8879e59b95bd9f80
BLAKE2b-256 ac5c29d17aad3df4fce0a9c6c2d4ed785a5ea0cebe36c78be12adb53514a901f

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page