Contains the core API for a DynamoDB-backed session

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for JasonC from gravatar.com JasonC

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Jason Capriotti
  • Tags DynamoDB, Session, Web
  • Requires: Python >=3.9, <4.0
Classifiers

Project description

dynamodb-session-web

An implementation of a "web" session using DynamoDB as backend storage. This project has the following goals:

  • Focus on core session handling concerns, rather than specific Python frameworks.
  • Follow OWASP Session Management best practices by default. Specifically, best practices for:
    • Session ID
      • Length, value, and entropy: ID is a 32-byte secure random number.
      • Strict session management: ID generation can only occur within the framework.
      • Treat as sensitive: A "loggable session ID" is provided as a property in order to make logging the ID easier (if desired).
    • Timeouts
      • Absolute session timeout - default of 12 hours
      • Idle session timeout - default of 2 hours
      • Manual session timeout - i.e. there's delete/clear support

Usage

Requires a DynamoDB table named app_session (can be changed in settings)

Create session table

aws dynamodb create-table \
    --attribute-definitions \
        AttributeName=id,AttributeType=S \
    --key-schema "AttributeName=id,KeyType=HASH" \
    --provisioned-throughput "ReadCapacityUnits=5,WriteCapacityUnits=5" \
    --table-name app_session

Default Example

from dynamodb_session_web import SessionManager

session = SessionManager()

# Create a new session object, get the ID for later use
initial_data = session.create()
session_id = initial_data.session_id

initial_data['foo'] = 'bar'
initial_data['one'] = 1
session.save(initial_data)

print(session_id)
#> 'WaHnSSou4d5Rq0k11vFGafe4sjMrkwiVhNziIWLLwMc'
print(initial_data.loggable_session_id)
#> '517286da2682be08dc9975612dc86d65487f0990906656f631d419e64dcda6f41f5e0529c290663be315524a0b35777645e0e827d2e982a048b5e2b4bba4e02b'

loaded_data = session.load(session_id)
print(loaded_data['foo'])
#> 'bar'
print(loaded_data['one'])
#> 1

session.clear(session_id)

Configurable Timeout and NullSession Response

from time import sleep
from dynamodb_session_web import SessionManager

session = SessionManager()

# Create a new session object, get the ID for later use
initial_data = session.create()
initial_data.idle_timeout_seconds = 30
initial_data.absolute_timeout_seconds = 30
session_id = initial_data.session_id

initial_data['foo'] = 'bar'
session.save(initial_data)

sleep(35)

loaded_data = session.load(session_id)
print(loaded_data)
#> <dynamodb_session_web.NullSessionInstance object at 0x109a7da30>

Custom Data Class Example

import json
from dataclasses import asdict, dataclass

from dynamodb_session_web import SessionInstanceBase, SessionManager

@dataclass
class MySession(SessionInstanceBase):
    fruit: str = ''
    color: str = ''

    def __init__(self, **kwargs):
        super().__init__(**kwargs)

    def deserialize(self, data):
        data_dict = json.loads(data)
        self.fruit = data_dict['fruit']
        self.color = data_dict['color']

    def serialize(self):
        return json.dumps(asdict(self))

session = SessionManager(MySession)

# Create a new session object, get the ID for later use
initial_data = session.create()
session_id = initial_data.session_id

initial_data.fruit = 'apple'
initial_data.color = 'red'
session.save(initial_data)

loaded_data = session.load(session_id)
print(loaded_data.fruit)
#> 'apple'
print(loaded_data.color)
#> 'red'

session.clear(session_id)

Configuration

Several behaviors can be configured at the Session Manager level:

  • Custom data class; must provide serialization and deserialization methods (see examples). Defaults to a dictionary.
  • Session ID length. Defaults to 32 bytes.
  • Table name. Defaults to app_session
  • DynamoDB URL. Defaults to None (i.e. Boto3 logic).
  • Idle session timeout (in seconds). Defaults to 7200 seconds (2 hours).
  • Absolute session timeout (in seconds). Defaults to 43200 seconds (12 hours).
from dynamodb_session_web import SessionInstanceBase, SessionManager

class MyCustomDataClass(SessionInstanceBase):
    def deserialize(self, data: str):
        pass

    def serialize(self) -> str:
        pass

SessionManager(
    MyCustomDataClass,
    sid_byte_length=128,
    table_name='my-dynamodb-table',
    endpoint_url='http://localhost:8000',
    region_name='us-east-1',
    idle_timeout_seconds=300,
    absolute_timeout_seconds=3600,
)

Additionally, individual session instances can have their own idle and absolute timeouts, specified in seconds:

from dynamodb_session_web import SessionManager

session = SessionManager()

instance = session.create()
instance.idle_timeout_seconds = 30
instance.absolute_timeout_seconds = 30

Development

Prerequisites:

  • Docker

Tests

install poetry, then run poetry install to install the dependencies.

To run tests, run poetry run pytest

The integration tests will use the docker-compose.yml file to create a local DynamoDB instance.

Useful Things

Get a record from local DynamoDB instance

export sid=Jh4f1zvVp9n-YaDbkpZ0Vtru6iCXnERZv40q_ocZ7BA
aws dynamodb query --table-name app_session --endpoint-url http://localhost:8000 \
  --key-condition-expression 'id = :id' \
  --expression-attribute-values '{ ":id": {"S": "'$sid'" }}'

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for JasonC from gravatar.com JasonC

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: Jason Capriotti
  • Tags DynamoDB, Session, Web
  • Requires: Python >=3.9, <4.0
Classifiers

Release history Release notifications | RSS feed

0.2.9

This version

0.2.8

0.2.7

0.2.6

0.2.5

0.2.4

0.2.3

0.2.2

0.2.1

0.2.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dynamodb-session-web-0.2.8.tar.gz (8.3 kB view details)

Uploaded Source

Built Distribution

dynamodb_session_web-0.2.8-py3-none-any.whl (8.7 kB view details)

Uploaded Python 3

File details

Details for the file dynamodb-session-web-0.2.8.tar.gz.

File metadata

  • Download URL: dynamodb-session-web-0.2.8.tar.gz
  • Upload date:
  • Size: 8.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.2.0 CPython/3.9.13 Darwin/21.6.0

File hashes

Hashes for dynamodb-session-web-0.2.8.tar.gz
Algorithm Hash digest
SHA256 8a799c3841639e57fd28412f24eb0f59f6aeb61285925457aaa91db6460011f2
MD5 6b6b032be3b7107bc42e66443dd5706d
BLAKE2b-256 339c261af179f4efbd9006c377927f0ec57609cc3ff42d62b58fc1abc44241b2

See more details on using hashes here.

File details

Details for the file dynamodb_session_web-0.2.8-py3-none-any.whl.

File metadata

File hashes

Hashes for dynamodb_session_web-0.2.8-py3-none-any.whl
Algorithm Hash digest
SHA256 30cd5d0940f28bd5271fa13f59f2e7d07d18c68f6d22b09c87a3bc6ca0ecad68
MD5 ef07f6bb94fb3456bb18c7e414f7bfcb
BLAKE2b-256 a1fc064d33bae5bdc6faba015166b3594975972c09ba320f9d8c8715c39a9a51

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page