sessions for aiohttp.web
Project description
aiohttp_session
The library provides sessions for aiohttp.web.
Usage
The library allows us to store user-specific data into a session object.
The session object has a dict-like interface (operations like session[key] = value, value = session[key] etc. are present).
Before processing the session in a web-handler, you have to register the session middleware in aiohttp.web.Application.
A trivial usage example:
import time
from cryptography import fernet
from aiohttp import web
from aiohttp_session import setup, get_session
from aiohttp_session.cookie_storage import EncryptedCookieStorage
async def handler(request):
session = await get_session(request)
last_visit = session['last_visit'] if 'last_visit' in session else None
session['last_visit'] = time.time()
text = 'Last visited: {}'.format(last_visit)
return web.Response(text=text)
def make_app():
app = web.Application()
fernet_key = fernet.Fernet.generate_key()
f = fernet.Fernet(fernet_key)
setup(app, EncryptedCookieStorage(f))
app.router.add_get('/', handler)
return app
web.run_app(make_app())All storages use an HTTP Cookie named AIOHTTP_SESSION for storing data. This can be modified by passing the keyword argument cookie_name to the storage class of your choice.
Available session storages are:
aiohttp_session.SimpleCookieStorage() – keeps session data as a plain JSON string in the cookie body. Use the storage only for testing purposes, it’s very non-secure.
aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key) – stores the session data into a cookie as SimpleCookieStorage but encodes it via AES cipher. secrect_key is a bytes key for AES encryption/decryption, the length should be 32 bytes.
Requires cryptography library:
$ pip install aiohttp_session[secure]
aiohttp_session.redis_storage.RedisStorage(redis_pool) – stores JSON encoded data in redis, keeping only the redis key (a random UUID) in the cookie. redis_pool is a redis object, created by await aioredis.from_url(...) call.
$ pip install aiohttp_session[aioredis]
Developing
Install for local development:
$ make setup
Run linters:
$ make lint
Run tests:
$ make test
Third party extensions
License
aiohttp_session is offered under the Apache 2 license.
2.12.0 (2022-10-28)
Migrated from aioredis to redis (if using redis without installing aiohttp-session[aioredis] then it will be necessary to manually install redis).
2.11.0 (2021-01-31)
Support initialising EncryptedCookieStorage with Fernet object directly.
Fix an issue where the session would get reset before the cookie expiry.
2.10.0 (2021-12-30)
Typing support
Add samesite cookie option
Support aioredis 2
2.9.0 (2019-11-04)
Fix memcached expiring time (#398)
2.8.0 (2019-09-17)
Make this compatible with Python 3.7+. Import from collections.abc, instead of from collections. (#373)
2.7.0 (2018-10-13)
Reset a session if the session age > max_age (#331)
Reset a session on TTL expiration for EncryptedCookieStorage (#326)
2.6.0 (2018-09-12)
Create a new session if NaClCookieStorage cannot decode a corrupted cookie (#317)
2.5.0 (2018-05-12)
Add an API for requesting new session explicitly (#281)
2.4.0 (2018-05-04)
Fix a bug for session fixation (#272)
2.3.0 (2018-02-13)
Support custom encoder and decoder by all storages (#252)
Bump to aiohttp 3.0
2.2.0 (2018-01-31)
Fixed the formatting of an error handling bad middleware return types. (#249)
2.1.0 (2017-11-24)
Add session.set_new_identity() method for changing identity for a new session (#236)
2.0.1 (2017-11-22)
Replace assertions in aioredis installation checks by RuntimeError (#235)
2.0.0 (2017-11-21)
Update to aioredis 1.0+. The aiohttp-session 2.0 is not compatible with aioredis 0.X (#234)
1.2.1 (2017-11-20)
Pin aioredis<1.0 (#231)
1.2.0 (2017-11-06)
Add MemcachedStorage (#224)
1.1.0 (2017-11-03)
Upgrade middleware to new style from aiohttp 2.3+
1.0.1 (2017-09-13)
Add key_factory attribute for redis_storage (#205)
1.0.0 (2017-07-27)
Catch decoder exception in RedisStorage on data load (#175)
Specify domain and path on cookie deletion (#171)
0.8.0 (2016-12-04)
Use time.time() instead of time.monotonic() for absolute times (#81)
0.7.0 (2016-09-24)
Fix tests to be compatible with aiohttp upstream API for client cookies
0.6.0 (2016-09-08)
Add expires field automatically to support older browsers (#43)
Respect session.max_age in redis storage #45
Always pass default max_age from storage into session (#45)
0.5.0 (2016-02-21)
Handle cryptography.fernet.InvalidToken exception by providing an empty session (#29)
0.4.0 (2016-01-06)
Add optional NaCl encrypted storage (#20)
Relax EncryptedCookieStorage to accept base64 encoded string, e.g. generated by Fernet.generate_key.
Add setup() function
Save the session even on exception in the middleware chain
0.3.0 (2015-11-20)
Reflect aiohttp changes: minimum required Python version is 3.4.1
Use explicit ‘aiohttp_session’ package
0.2.0 (2015-09-07)
Add session.created property (#14)
Replaced PyCrypto with crypthography library (#16)
0.1.2 (2015-08-07)
Add manifest file (#15)
0.1.1 (2015-04-20)
Fix #7: stop cookie name growing each time session is saved
0.1.0 (2015-04-13)
First public release
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aiohttp_session-2.12.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f0bf0caa2f5b5a56cb50a45f98d61f60d8523322099a2857410530149706f5e5 |
|
| MD5 | e0f46a5773a644fa8879e59b95bd9f80 |
|
| BLAKE2b-256 | ac5c29d17aad3df4fce0a9c6c2d4ed785a5ea0cebe36c78be12adb53514a901f |
