websauna.system.core.session module
Session management.

websauna.system.core.session.NO_SESSION_FILE_EXTENSIONS = ['.js', '.css', '.ico', '.png', '.gif', '.jpg']
Todo: temporary fix until we manage to address this properly in pyramid_redis_sessions.

class websauna.system.core.session.WebsaunaSession(initial_data, redis, session_id, new, new_session, serialize=<built-in function dumps>, deserialize=<built-in function loads>)
Bases: pyramid_redis_sessions.session.RedisSession
A specialized session handler that supports initial parameters.
We can pass initial_data that pre-populates session data keys when the session is written for the first time. Usually this is when the CSRF token is generated.

websauna.system.core.session.WebsaunaSessionFactory(secret, timeout=1200, cookie_name='session', cookie_max_age=None, cookie_path='/', cookie_domain=None, cookie_secure=False, cookie_httponly=True, cookie_on_exception=True, url=None, host='localhost', port=6379, db=0, password=None, socket_timeout=None, connection_pool=None, encoding='utf-8', encoding_errors='strict', unix_socket_path=None, client_callable=None, serialize=<built-in function dumps>, deserialize=<built-in function loads>, id_generator=<function _generate_session_id>, cookieless_headers=('expires', 'cache-control'), klass=<class 'websauna.system.core.session.WebsaunaSession'>)
Overrides the RedisSessionFactory with Websauna-specific functionality.
Note
Due to the functional paradigm, there was no clean way to override this. Move this to upstream pyramid_redis_sessions; its development has stalled for now.
Constructs and returns a session factory that will provide session data from a Redis server. The returned factory can be supplied as the session_factory argument of a pyramid.config.Configurator constructor, or used as the session_factory argument of the pyramid.config.Configurator.set_session_factory() method.

Parameters:
secret
    A string which is used to sign the cookie.
timeout
    A number of seconds of inactivity before a session times out.
cookie_name
    The name of the cookie used for sessioning. Default: session.
cookie_max_age
    The maximum age of the cookie used for sessioning (in seconds). Default: None (browser scope).
cookie_path
    The path used for the session cookie. Default: /.
cookie_domain
    The domain used for the session cookie. Default: None (no domain).
cookie_secure
    The ‘secure’ flag of the session cookie. Default: False.
cookie_httponly
    The ‘httpOnly’ flag of the session cookie. Default: True.
cookie_on_exception
    If True, set a session cookie even if an exception occurs while rendering a view. Default: True.
url
    A connection string for a Redis server, in the format: redis://username:password@localhost:6379/0
    Default: None.
host
    A string representing the IP of your Redis server. Default: localhost.
port
    An integer representing the port of your Redis server. Default: 6379.
db
    An integer to select a specific database on your Redis server. Default: 0.
password
    A string password to connect to your Redis server/database if required. Default: None.
client_callable
    A Python callable that accepts a Pyramid request and Redis config options and returns a Redis client such as redis-py’s StrictRedis. Default: None.
serialize
    A function to serialize the session dict for storage in Redis. Default: cPickle.dumps.
deserialize
    A function to deserialize the stored session data in Redis. Default: cPickle.loads.
id_generator
    A function to create a unique ID to be used as the session key when a session is first created. Default: private function that uses sha1 with the time and random elements to create a 40 character unique ID.
cookieless_headers
    If a view has set any of these response headers, do not add a session cookie on this response. This way views generating cacheable content, like images, can signal the downstream web server that this content is safe. Otherwise, if we set a cookie on these responses, it could result in user session leakage.

The following arguments are also passed straight to the StrictRedis constructor and allow you to further configure the Redis client:
    socket_timeout
    connection_pool
    encoding
    encoding_errors
    unix_socket_path

websauna.system.core.session.ignore_session(url)
Should we ignore session for this request?
Static asset requests do not need a session. An exception is made for requests to /notebook, because those requests are proxied to another daemon.
Parameters:
url (str)
    Request URL.
Returns:
    Flag indicating if session should be ignored.
Return type:
    bool
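
The two rules documented above (cookieless_headers and ignore_session) combine into one decision: may this response carry a session cookie? The sketch below is an added example, not Websauna's own implementation. The helper should_set_session_cookie, the path-only matching, and the sample URLs are assumptions made for illustration.

```python
import posixpath
from urllib.parse import urlsplit

# Values copied from this page.
NO_SESSION_FILE_EXTENSIONS = ['.js', '.css', '.ico', '.png', '.gif', '.jpg']
COOKIELESS_HEADERS = ('expires', 'cache-control')


def ignore_session(url: str) -> bool:
    """Return True when the request is for a static asset and needs no session.

    Assumption: only the URL path is inspected, so a query string such as
    ?v=3 or ?file=report.js cannot change the outcome, and /notebook is
    matched as a whole path segment.
    """
    path = urlsplit(url).path
    if path == '/notebook' or path.startswith('/notebook/'):
        return False  # proxied to another daemon, so the session is kept
    ext = posixpath.splitext(path)[1].lower()
    return ext in NO_SESSION_FILE_EXTENSIONS


def should_set_session_cookie(url: str, response_headers: dict) -> bool:
    """Hypothetical helper: may this response carry the session cookie?"""
    if ignore_session(url):
        return False
    names = {name.lower() for name in response_headers}
    # Per the cookieless_headers description: a view that set one of these
    # headers is signalling cacheable content, and a session cookie stored
    # with a cached response could be served to other users.
    return not any(header in names for header in COOKIELESS_HEADERS)


# Constructed sample requests: (url, response headers set by the view).
SAMPLES = [
    ('https://example.com/static/app.js?v=3', {}),
    ('https://example.com/notebook/static/main.css', {}),
    ('https://example.com/download?file=report.js', {}),
    ('https://example.com/avatar/42', {'Cache-Control': 'public, max-age=3600'}),
    ('https://example.com/login', {'Content-Type': 'text/html'}),
]

if __name__ == '__main__':
    for url, headers in SAMPLES:
        print(f'{url} -> cookie allowed: {should_set_session_cookie(url, headers)}')
```

Header names are compared case-insensitively because HTTP header names are case-insensitive, while the tuple on this page is lower case.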