sessions for aiohttp.web
Project description
aiohttp_session
The library provides sessions for aiohttp.web.
Usage
The library allows us to store user-specific data into a session object.
The session object has a dict-like interface (operations like session[key] = value, value = session[key] etc. are present).
Before processing the session in a web-handler, you have to register the session middleware in aiohttp.web.Application.
A trivial usage example:
import time
import base64
from cryptography import fernet
from aiohttp import web
from aiohttp_session import setup, get_session
from aiohttp_session.cookie_storage import EncryptedCookieStorage
async def handler(request):
session = await get_session(request)
last_visit = session['last_visit'] if 'last_visit' in session else None
session['last_visit'] = time.time()
text = 'Last visited: {}'.format(last_visit)
return web.Response(text=text)
def make_app():
app = web.Application()
# secret_key must be 32 url-safe base64-encoded bytes
fernet_key = fernet.Fernet.generate_key()
secret_key = base64.urlsafe_b64decode(fernet_key)
setup(app, EncryptedCookieStorage(secret_key))
app.router.add_get('/', handler)
return app
web.run_app(make_app())All storages use an HTTP Cookie named AIOHTTP_SESSION for storing data. This can be modified by passing the keyword argument cookie_name to the storage class of your choice.
Available session storages are:
aiohttp_session.SimpleCookieStorage() – keeps session data as a plain JSON string in the cookie body. Use the storage only for testing purposes, it’s very non-secure.
aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key) – stores the session data into a cookie as SimpleCookieStorage but encodes it via AES cipher. secrect_key is a bytes key for AES encryption/decryption, the length should be 32 bytes.
Requires cryptography library:
$ pip install aiohttp_session[secure]
aiohttp_session.redis_storage.RedisStorage(redis_pool) – stores JSON encoded data in redis, keeping only the redis key (a random UUID) in the cookie. redis_pool is a aioredis pool object, created by await aioredis.create_redis_pool(...) call.
Requires aioredis library (only versions 1.0+ are supported):
$ pip install aiohttp_session[aioredis]
Developing
Install for local development:
$ pip install -r requirements-dev.txt
Run tests with:
$ pytest -sv tests/
Third party extensions
License
aiohttp_session is offered under the Apache 2 license.
Changes
2.6.0 (2018-09-12)
Create a new session if NaClCookieStorage cannot decode a corrupted cookie #317
2.5.0 (2018-05-12)
Add an API for requesting new session explicitly #281
2.4.0 (2018-05-04)
Fix a bug for session fixation #272
2.3.0 (2018-02-13)
Support custom encoder and decoder by all storages #252
Bump to aiohttp 3.0
2.2.0 (2018-01-31)
Fixed the formatting of an error handling bad middleware return types. #249
2.1.0 (2017-11-24)
Add session.set_new_identity() method for changing identity for a new session #236
2.0.1 (2017-11-22)
Replace assertions in aioredis installation checks by RuntimeError #235
2.0.0 (2017-11-21)
Update to aioredis 1.0+. The aiohttp-session 2.0 is not compatible with aioredis 0.X #234
1.2.1 (2017-11-20)
Pin aioredis<1.0 #231
1.2.0 (2017-11-06)
Add MemcachedStorage #224
1.1.0 (2017-11-03)
Upgrade middleware to new style from aiohttp 2.3+
1.0.1 (2017-09-13)
Add key_factory attribute for redis_storage #205
1.0.0 (2017-07-27)
Catch decoder exception in RedisStorage on data load #175
Specify domain and path on cookie deletion #171
0.8.0 (2016-12-04)
Use time.time() instead of time.monotonic() for absolute times #81
0.7.0 (2016-09-24)
Fix tests to be compatible with aiohttp upstream API for client cookies
0.6.0 (2016-09-08)
Add expires field automatically to support older browsers #43
Respect session.max_age in redis storage #45
Always pass default max_age from storage into session #45
0.5.0 (2016-02-21)
Handle cryptography.fernet.InvalidToken exception by providing an empty session #29
0.4.0 (2016-01-06)
Add optional NaCl encrypted storage #20
Relax EncryptedCookieStorage to accept base64 encoded string, e.g. generated by Fernet.generate_key.
Add setup() function
Save the session even on exception in the middleware chain
0.3.0 (2015-11-20)
Reflect aiohttp changes: minimum required Python version is 3.4.1
Use explicit ‘aiohttp_session’ package
0.2.0 (2015-09-07)
Add session.created property #14
Replaced PyCrypto with crypthography library #16
0.1.2 (2015-08-07)
Add manifest file #15
0.1.1 (2015-04-20)
Fix #7: stop cookie name growing each time session is saved
0.1.0 (2015-04-13)
First public release
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file aiohttp-session-2.6.0.tar.gz.
File metadata
- Download URL: aiohttp-session-2.6.0.tar.gz
- Upload date:
- Size: 99.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.18.4 setuptools/39.1.0 requests-toolbelt/0.8.0 tqdm/4.23.3 CPython/3.6.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0a7eb739a71a0f7366d2ea51583727900fdcca1ae8dedfea364c19a586e6738d |
|
| MD5 | 47e458c0dfa7b097aabdecc3cbb144cf |
|
| BLAKE2b-256 | ff4bddf1370b6484d1ba16d0a4ca5f6532f8fdb6e0b5c7c5f24e3753c037ded8 |
File details
Details for the file aiohttp_session-2.6.0-py3-none-any.whl.
File metadata
- Download URL: aiohttp_session-2.6.0-py3-none-any.whl
- Upload date:
- Size: 13.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.11.0 pkginfo/1.4.2 requests/2.18.4 setuptools/39.1.0 requests-toolbelt/0.8.0 tqdm/4.23.3 CPython/3.6.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bde016fb93b3c82e4ef6d286b44bfda54f1f7d2f8e6419513de4f4909bbe76b9 |
|
| MD5 | 56009b708e7bb0ea7474141feb2a6797 |
|
| BLAKE2b-256 | 2e7933b540053fc7966f8d8ddc423a2e239826a8a81aea6b4f55e6cfbea2ec8f |
