A pluggable session implementation for Pyramid
Want to be able to change out session backends using a simple configuration change, want to store your session data in a new location but re-implementing ISession from Pyramid looks too daunting, fear not, pyramid_pluggable_session makes this really simple.
Is this a pyramid_beaker replacement?
Yes. Although I’ve already been told that unless I implement ALL existing beaker backends that I am not doing it right, so I am hereby doing it wrong ;-).
Want to add a new backend? Perfect. Want to write some tests? Documentation? The whole nine yards? Please!
- Clone this repo, create a new topic branch, and hack hack hack.
- Push your topic branch to Github
- Create a new pull request
- I will review it, and if all is well pull it into this source tree!
- Add better protection against session fixation:
- Upon failure to deserialize/unpack/expiration of session a new session id is generated.
- Upon calling invalidate() a new session is generated with a new session id
- Add more clean-up using the new clear() functionality. When a session fails to deserialize, we remove it from the backends, if a session fails to unpack we remove it from the backends, and if it has expired we also remove it from the backends.
- Update the included backends memory/file/chain to add the new clear() function required by IPlugSession.
- Add clear() to IPlugSession interface to allow the session to explicitly have the backend plugs remove the session data associated with a certain session id.
- On _save_session we set the cookie to response that is provided to us by the callback, and not request.response which may not be the users response.
- A file based session storage now exists.
- A chain can now be constructed for session storage
- A new ISession compliant Pyramid session provider appears.
- A single backend exists, it is based on local Pyramid memory.