Server side sessions in Flask using AWS DynamoDB table as a data store
Project description
Flask DynamoDB Sessions
Server-side sessions in Flask using AWS DynamoDB as the backend data store.
DynamoDB is AWS's SaaS NoSQL solution which makes it perfect for use as a session store. Being a SaaS service we no longer have to manage servers/storage/etc and take advantage of some notable features such as:
- Auto-scaling
- Automatic Lifecycle ( Garbage collection )
- Encryption at rest
- etc...
Sessions are pickled and base64 encoded to be stored in DynamoDB as strings. As a result you may save objects to your sessions as long as the object supports the pickle interface.
DynamoDB supports a maximum object size of 400 KB. Minus the UUID4 session id, modified date/time string and ttl timestamp you have approximately 398 KB available for your session.
Installation
# w/ pip
pip install flask-dynamodb-sessions
# w/ easy_install
easy_install flask-dynamodb-sessions
Usage example
from flask import (Flask, session)
from flask_dynamodb_sessions import Session
app = Flask(__name__)
# Set flask to use the dynamo session interface
Session(app)
@app.route('/', methods=['GET'])
def index_get():
# use sessions just as you normally would
session['user'] = {'username': 'jhardy'}
user = session.get('user')
session_id = session.sid
View examples directory for more
Configuration Options
Below are additional SESSION_* configuration options specific to DynamoDB sessions.
SESSION_DYNAMODB_TABLE (string): The DynamoDB table to save to. Default: flask_sessions
SESSION_DYNAMODB_ENDPOINT (string): Override the boto3 endpoint, good for local development and using dynamodb-local. Default: None
SESSION_DYNAMODB_TTL_SECONDS (int): Number of seconds to add to the TTL column. Default: 86400 * 14 (14 Days)
SESSION_DYNAMODB_CONSISTENT_READ (bool): Whether or not to perform a strongly consistent read from DynamoDB. Default: False
The existing SESSION_* config parameters still apply (IE: cookie settings). SESSION_REFRESH_EACH_REQUEST
is the only setting that is negated and each request will refesh the cookie (Might be modified in a future release).
Transmission of ID via Header
Using cookies to store the session ID may not work in some environments, so a normal HTTP header may be used to pass the ID in requests and responses.
There are two settings to control this:
SESSION_DYNAMODB_USE_HEADER (bool): Whether or not to use a header for the ID, instead of cookies. Default: False
SESSION_DYNAMODB_HEADER_NAME (string): The name of the header to use for the ID. Default: X-SessionId
Table Structure
The table structure is fairly simple.
{
id: string HASH,
modified: string DATETIME UTC
ttl: number UTC TIME + SESSION_DYANMODB_TTL_SECONDS
data: string JSON ENCODED SESSION
}
Create the table VIA aws cli.
aws dynamodb create-table --key-schema "AttributeName=id,KeyType=HASH" \
--attribute-definitions "AttributeName=id,AttributeType=S" \
--provisioned-throughput "ReadCapacityUnits=5,WriteCapacityUnits=5" \
--table-name flask_sessions
The ttl column is present to take advantage of DynamoDB's Lifecycle feature where dynamo will delete all rows with a ttl in the past.
Enable time-to-live (garbage collection)
aws dynamodb update-time-to-live --time-to-live-specification 'Enabled=true,AttributeName=ttl' --table-name flask_sessions
TODO
- Test coverage
- More laxed cookie refresh
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Hashes for flask-dynamodb-sessions-0.1.8.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 524be0b7dc6acbe975e26a7a923146e36715cb9054b0bf481b5190e36ff8063d |
|
| MD5 | 107a5939cd91020a49f7f22e5ee5ab5f |
|
| BLAKE2b-256 | 2ba5c5f290df2e01dc11fc5dbf4a133cbe6ac58686a4241c4c1904049a084766 |
