sessions for aiohttp.web

Navigation

Verified details

These details have been verified by PyPI
Owner
Maintainers
Avatar for aio-libs-bot from gravatar.com aio-libs-bot Avatar for Andrew.Svetlov from gravatar.com Andrew.Svetlov Avatar for webknjaz from gravatar.com webknjaz

Unverified details

These details have not been verified by PyPI
Project links
Meta
Classifiers
Report project as malware

Project description

aiohttp_session

The library provides sessions for aiohttp.web.

Usage

The library allows to store user-specific data into session object.

The session object has dict-like interface (operations like session[key] = value, value = session[key] etc. are present).

Before processing session in web-handler you have to register session middleware in aiohttp.web.Application.

A trivial usage example:

import asyncio
import time
from aiohttp import web
from aiohttp_session import get_session, session_middleware
from aiohttp_session.cookie_storage import EncryptedCookieStorage

@asyncio.coroutine
def handler(request):
    session = yield from get_session(request)
    session['last_visit'] = time.time()
    return web.Response(body=b'OK')

@asyncio.coroutine
def init(loop):
    app = web.Application(middlewares=[session_middleware(
        EncryptedCookieStorage(b'Sixteen byte key'))])
    app.router.add_route('GET', '/', handler)
    srv = yield from loop.create_server(
        app.make_handler(), '0.0.0.0', 8080)
    return srv

loop = asyncio.get_event_loop()
loop.run_until_complete(init(loop))
try:
    loop.run_forever()
except KeyboardInterrupt:
    pass

All storages uses HTTP Cookie named AIOHTTP_COOKIE_SESSION for storing data.

Available session storages are:

  • aiohttp_session.SimpleCookieStorage() – keeps session data as plain JSON string in cookie body. Use the storage only for testing purposes, it’s very non-secure.

  • aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key) – stores session data into cookies as SimpleCookieStorage but encodes it via AES cipher. secrect_key is a bytes key for AES encryption/decryption, the length should be 16 bytes.

    Requires crypotgraphy library:

    $ pip install aiohttp_session[secure]

  • aiohttp_session.redis_storage.RedisStorage(redis_pool) – stores JSON-ed data into redis, keepeng into cookie only redis key (random UUID). redis_pool is aioredis pool object, created by yield from aioredis.create_pool(...) call.

    Requires aioredis library:

    $ pip install aiohttp_session[aioredis]

License

aiohttp_session is offered under the Apache 2 license.

Changes

0.3.0 (2015-11-20)

  • Reflect aiohttp changes: minimum required Python version is 3.4.1

  • Use explicit ‘aiohttp_session’ package

0.2.0 (2015-09-07)

  • Add session.created property #14

  • Replaced PyCrypto with crypthography library #16

0.1.2 (2015-08-07)

  • Add manifest file #15

0.1.1 (2015-04-20)

  • Fix #7: stop cookie name growing each time session is saved

0.1.0 (2015-04-13)

  • First public release

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page