Signed Cookie-Based HTTP sessions for ASGI applications

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for klen from gravatar.com klen

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: Kirill Klenov
  • Tags asgi, sessions
Classifiers
Report project as malware

Project description

asgi-sessions – Signed Cookie-Based HTTP sessions for ASGI applications

Tests Status PYPI Version

Requirements

  • python >= 3.7

Installation

asgi-sessions should be installed using pip:

pip install asgi-sessions

Usage

Common ASGI applications:

from asgi_sessions import SessionMiddleware


async def my_app(scope, receive, send):
    """Read session and get the current user data from it or from request query."""
    # The middleware puts a session into scope['session]
    session = scope['session']

    status, headers = 200, []
    if scope['query_string']:
        # Store any information inside the session
        session['user'] = scope['query_string'].decode()
        status, headers = 307, [(b"location", b"/")]

    # Read a stored info from the session
    user = (session.get('user') or 'anonymous').title().encode()

    await send({"type": "http.response.start", "status": status, "headers": headers})
    await send({"type": "http.response.body", "body": b"Hello %s" % user})

app = SessionMiddleware(my_app, secret_key="sessions-secret")

# http GET / -> Hello Anonymous
# http GET /?tom -> Hello Tom
# http GET / -> Hello Tom

As ASGI-Tools Internal middleware

from asgi_tools import AppMiddleware
from asgi_sessions import SessionMiddleware

app = AppMiddleware(None, SessionMiddleware, secret_key='SESSION-SECRET')

@app.route('/')
async def index(request):
    session = request['session']
    user = session.get('user', 'anonymous')
    return 'Hello %s' % user.title()

@app.route('/login/{user}')
async def login(request, user='anonymous'):
    session = request['session']
    session['user'] = user
    return "Done"

@app.route('/logout')
async def logout(request, *args):
    session = request['session']
    del session['user']
    return "Done"

# http GET / -> Hello Anonymous
# http GET /login/tom -> Done
# http GET / -> Hello Tom
# http GET /logout -> Done
# http GET / -> Hello Anonymous

Options

from asgi_sessions import SessionMiddleware

app = SessionMiddleware(

     # Your ASGI application
     app,

     # Secret Key for the session (required)
     secret_key,

     # Cookie name to keep the session (optional)
     cookie_name='session',

     # Cookie max age (in seconds) (optional)
     max_age=14 * 24 * 3600,

     # Cookie samesite (optional)
     samesite='lax',

     # Cookie secure (https only) (optional)
     secure=False,

)

Bug tracker

If you have any suggestions, bug reports or annoyances please report them to the issue tracker at https://github.com/klen/asgi-sessions/issues

Contributing

Development of the project happens at: https://github.com/klen/asgi-sessions

License

Licensed under a MIT license.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page