sessions for aiohttp.web
Project description
aiohttp_session
The library provides sessions for aiohttp.web.
Usage
The library allows to store user-specific data into session object.
The session object has dict-like interface (operations like session[key] = value, value = session[key] etc. are present).
Before processing session in web-handler you have to register session middleware in aiohttp.web.Application.
A trivial usage example:
import asyncio
import time
import base64
from cryptography import fernet
from aiohttp import web
from aiohttp_session import setup, get_session, session_middleware
from aiohttp_session.cookie_storage import EncryptedCookieStorage
async def handler(request):
session = await get_session(request)
last_visit = session['last_visit'] if 'last_visit' in session else None
text = 'Last visited: {}'.format(last_visit)
return web.Response(body=text.encode('utf-8'))
def make_app():
app = web.Application()
# secret_key must be 32 url-safe base64-encoded bytes
fernet_key = fernet.Fernet.generate_key()
secret_key = base64.urlsafe_b64decode(fernet_key)
setup(app, EncryptedCookieStorage(secret_key))
app.router.add_route('GET', '/', handler)
return app
web.run_app(make_app())
All storages uses HTTP Cookie named AIOHTTP_COOKIE_SESSION for storing data.
Available session storages are:
aiohttp_session.SimpleCookieStorage() – keeps session data as plain JSON string in cookie body. Use the storage only for testing purposes, it’s very non-secure.
aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key) – stores session data into cookies as SimpleCookieStorage but encodes it via AES cipher. secrect_key is a bytes key for AES encryption/decryption, the length should be 32 bytes.
Requires cryptography library:
$ pip install aiohttp_session[secure]
aiohttp_session.redis_storage.RedisStorage(redis_pool) – stores JSON-ed data into redis, keepeng into cookie only redis key (random UUID). redis_pool is aioredis pool object, created by yield from aioredis.create_pool(...) call.
Requires aioredis library:
$ pip install aiohttp_session[aioredis]
License
aiohttp_session is offered under the Apache 2 license.
Changes
0.7.0 (2016-09-24)
Fix tests to be compatible with aiohttp upstream API for client cookies
0.6.0 (2016-09-08)
Add expires field automatically to support older browsers #43
Respect session.max_age in redis storage #45
Always pass default max_age from storage into session #45
0.5.0 (2016-02-21)
Handle cryptography.fernet.InvalidToken exception by providing an empty session #29
0.4.0 (2016-01-06)
Add optional NaCl encrypted storage #20
Relax EncryptedCookieStorage to accept base64 encoded string, e.g. generated by Fernet.generate_key.
Add setup() function
Save the session even on exception in the middleware chain
0.3.0 (2015-11-20)
Reflect aiohttp changes: minimum required Python version is 3.4.1
Use explicit ‘aiohttp_session’ package
0.2.0 (2015-09-07)
Add session.created property #14
Replaced PyCrypto with crypthography library #16
0.1.2 (2015-08-07)
Add manifest file #15
0.1.1 (2015-04-20)
Fix #7: stop cookie name growing each time session is saved
0.1.0 (2015-04-13)
First public release
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aiohttp_session-0.7.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bda116915751db9bb5e17b497f567e4588074217af89ae1c173ce20804423295 |
|
| MD5 | ce118877bb6362d19cf25fe8388978ef |
|
| BLAKE2b-256 | 795a840143176fde239bddab14ffa58fcbe2796a6dbdc5393a6afb5c6055035d |
