aiohttp-session


Nameaiohttp-session JSON
Version 2.12.0 PyPI version JSON
download
home_pagehttps://github.com/aio-libs/aiohttp_session/
Summarysessions for aiohttp.web
upload_time2022-10-28 23:57:00
maintainer
docs_urlNone
authorAndrew Svetlov
requires_python>=3.7
licenseApache 2
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage
            aiohttp_session
===============
.. image:: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml/badge.svg?branch=master
    :target: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml
.. image:: https://codecov.io/github/aio-libs/aiohttp-session/coverage.svg?branch=master
    :target: https://codecov.io/github/aio-libs/aiohttp-session
.. image:: https://readthedocs.org/projects/aiohttp-session/badge/?version=latest
    :target: https://aiohttp-session.readthedocs.io/
.. image:: https://img.shields.io/pypi/v/aiohttp-session.svg
    :target: https://pypi.python.org/pypi/aiohttp-session

The library provides sessions for `aiohttp.web`__.

.. _aiohttp_web: https://aiohttp.readthedocs.io/en/latest/web.html

__ aiohttp_web_

Usage
-----

The library allows us to store user-specific data into a session object.

The session object has a dict-like interface (operations like
``session[key] = value``, ``value = session[key]`` etc. are present).


Before processing the session in a web-handler, you have to register the
*session middleware* in ``aiohttp.web.Application``.

A trivial usage example:

.. code:: python

    import time
    from cryptography import fernet
    from aiohttp import web
    from aiohttp_session import setup, get_session
    from aiohttp_session.cookie_storage import EncryptedCookieStorage


    async def handler(request):
        session = await get_session(request)
        last_visit = session['last_visit'] if 'last_visit' in session else None
        session['last_visit'] = time.time()
        text = 'Last visited: {}'.format(last_visit)
        return web.Response(text=text)


    def make_app():
        app = web.Application()
        fernet_key = fernet.Fernet.generate_key()
        f = fernet.Fernet(fernet_key)
        setup(app, EncryptedCookieStorage(f))
        app.router.add_get('/', handler)
        return app


    web.run_app(make_app())


All storages use an HTTP Cookie named ``AIOHTTP_SESSION`` for storing
data. This can be modified by passing the keyword argument ``cookie_name`` to
the storage class of your choice.

Available session storages are:

* ``aiohttp_session.SimpleCookieStorage()`` -- keeps session data as a
  plain JSON string in the cookie body. Use the storage only for testing
  purposes, it's very non-secure.

* ``aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key)``
  -- stores the session data into a cookie as ``SimpleCookieStorage`` but
  encodes it via AES cipher. ``secrect_key`` is a ``bytes`` key for AES
  encryption/decryption, the length should be 32 bytes.

  Requires ``cryptography`` library::

      $ pip install aiohttp_session[secure]

* ``aiohttp_session.redis_storage.RedisStorage(redis_pool)`` -- stores
  JSON encoded data in *redis*, keeping only the redis key (a random UUID) in
  the cookie. ``redis_pool`` is a ``redis`` object, created by
  ``await aioredis.from_url(...)`` call.

      $ pip install aiohttp_session[aioredis]


Developing
----------

Install for local development::

    $ make setup

Run linters::

    $ make lint

Run tests::

    $ make test


Third party extensions
----------------------

* `aiohttp_session_mongo
  <https://github.com/alexpantyukhin/aiohttp-session-mongo>`_

* `aiohttp_session_dynamodb
  <https://github.com/alexpantyukhin/aiohttp-session-dynamodb>`_


License
-------

``aiohttp_session`` is offered under the Apache 2 license.

.. towncrier release notes start

2.12.0 (2022-10-28)
===================

* Migrated from `aioredis` to `redis` (if using redis without installing
  `aiohttp-session[aioredis]` then it will be necessary to manually install `redis`).

2.11.0 (2021-01-31)
===================

* Support initialising `EncryptedCookieStorage` with `Fernet` object directly.
* Fix an issue where the session would get reset before the cookie expiry.

2.10.0 (2021-12-30)
===================

* Typing support
* Add samesite cookie option
* Support aioredis 2

2.9.0 (2019-11-04)
==================

* Fix memcached expiring time (#398)

2.8.0 (2019-09-17)
==================

* Make this compatible with Python 3.7+. Import from collections.abc, instead
  of from collections. (#373)


2.7.0 (2018-10-13)
==================

* Reset a session if the session age > max_age (#331)

* Reset a session on TTL expiration for EncryptedCookieStorage (#326)

2.6.0 (2018-09-12)
==================

* Create a new session if `NaClCookieStorage` cannot decode a
  corrupted cookie (#317)

2.5.0 (2018-05-12)
==================

* Add an API for requesting new session explicitly (#281)

2.4.0 (2018-05-04)
==================

* Fix a bug for session fixation (#272)

2.3.0 (2018-02-13)
==================

- Support custom encoder and decoder by all storages (#252)
- Bump to aiohttp 3.0

2.2.0 (2018-01-31)
==================

- Fixed the formatting of an error handling bad middleware return types. (#249)

2.1.0 (2017-11-24)
==================

- Add `session.set_new_identity()` method for changing identity for a
  new session (#236)

2.0.1 (2017-11-22)
==================

- Replace assertions in aioredis installation checks by `RuntimeError` (#235)

2.0.0 (2017-11-21)
==================

- Update to aioredis 1.0+. The aiohttp-session 2.0 is not compatible
  with aioredis 0.X (#234)

1.2.1 (2017-11-20)
==================

- Pin aioredis<1.0 (#231)

1.2.0 (2017-11-06)
==================

- Add MemcachedStorage (#224)

1.1.0 (2017-11-03)
==================

- Upgrade middleware to new style from aiohttp 2.3+


1.0.1 (2017-09-13)
==================

- Add key_factory attribute for redis_storage (#205)

1.0.0 (2017-07-27)
==================

- Catch decoder exception in RedisStorage on data load (#175)

- Specify domain and path on cookie deletion (#171)

0.8.0 (2016-12-04)
==================

- Use `time.time()` instead of `time.monotonic()` for absolute times (#81)

0.7.0 (2016-09-24)
==================

- Fix tests to be compatible with aiohttp upstream API for client cookies

0.6.0 (2016-09-08)
==================

- Add expires field automatically to support older browsers (#43)

- Respect session.max_age in redis storage #45

- Always pass default max_age from storage into session (#45)

0.5.0 (2016-02-21)
==================

- Handle cryptography.fernet.InvalidToken exception by providing an
  empty session (#29)

0.4.0 (2016-01-06)
==================

- Add optional NaCl encrypted storage (#20)

- Relax EncryptedCookieStorage to accept base64 encoded string,
  e.g. generated by Fernet.generate_key.

- Add setup() function

- Save the session even on exception in the middleware chain

0.3.0 (2015-11-20)
==================

- Reflect aiohttp changes: minimum required Python version is 3.4.1

- Use explicit 'aiohttp_session' package

0.2.0 (2015-09-07)
==================

- Add session.created property (#14)

- Replaced PyCrypto with crypthography library (#16)

0.1.2 (2015-08-07)
==================

- Add manifest file (#15)

0.1.1 (2015-04-20)
==================

- Fix #7: stop cookie name growing each time session is saved


0.1.0 (2015-04-13)
==================

- First public release

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/aio-libs/aiohttp_session/",
    "name": "aiohttp-session",
    "maintainer": "",
    "docs_url": null,
    "requires_python": ">=3.7",
    "maintainer_email": "",
    "keywords": "",
    "author": "Andrew Svetlov",
    "author_email": "andrew.svetlov@gmail.com",
    "download_url": "https://files.pythonhosted.org/packages/34/87/8dbc1385c875497d6bc16c9d94e25dbd8ff62599843b73fb4048ba74c867/aiohttp-session-2.12.0.tar.gz",
    "platform": null,
    "description": "aiohttp_session\n===============\n.. image:: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml/badge.svg?branch=master\n    :target: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml\n.. image:: https://codecov.io/github/aio-libs/aiohttp-session/coverage.svg?branch=master\n    :target: https://codecov.io/github/aio-libs/aiohttp-session\n.. image:: https://readthedocs.org/projects/aiohttp-session/badge/?version=latest\n    :target: https://aiohttp-session.readthedocs.io/\n.. image:: https://img.shields.io/pypi/v/aiohttp-session.svg\n    :target: https://pypi.python.org/pypi/aiohttp-session\n\nThe library provides sessions for `aiohttp.web`__.\n\n.. _aiohttp_web: https://aiohttp.readthedocs.io/en/latest/web.html\n\n__ aiohttp_web_\n\nUsage\n-----\n\nThe library allows us to store user-specific data into a session object.\n\nThe session object has a dict-like interface (operations like\n``session[key] = value``, ``value = session[key]`` etc. are present).\n\n\nBefore processing the session in a web-handler, you have to register the\n*session middleware* in ``aiohttp.web.Application``.\n\nA trivial usage example:\n\n.. code:: python\n\n    import time\n    from cryptography import fernet\n    from aiohttp import web\n    from aiohttp_session import setup, get_session\n    from aiohttp_session.cookie_storage import EncryptedCookieStorage\n\n\n    async def handler(request):\n        session = await get_session(request)\n        last_visit = session['last_visit'] if 'last_visit' in session else None\n        session['last_visit'] = time.time()\n        text = 'Last visited: {}'.format(last_visit)\n        return web.Response(text=text)\n\n\n    def make_app():\n        app = web.Application()\n        fernet_key = fernet.Fernet.generate_key()\n        f = fernet.Fernet(fernet_key)\n        setup(app, EncryptedCookieStorage(f))\n        app.router.add_get('/', handler)\n        return app\n\n\n    web.run_app(make_app())\n\n\nAll storages use an HTTP Cookie named ``AIOHTTP_SESSION`` for storing\ndata. This can be modified by passing the keyword argument ``cookie_name`` to\nthe storage class of your choice.\n\nAvailable session storages are:\n\n* ``aiohttp_session.SimpleCookieStorage()`` -- keeps session data as a\n  plain JSON string in the cookie body. Use the storage only for testing\n  purposes, it's very non-secure.\n\n* ``aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key)``\n  -- stores the session data into a cookie as ``SimpleCookieStorage`` but\n  encodes it via AES cipher. ``secrect_key`` is a ``bytes`` key for AES\n  encryption/decryption, the length should be 32 bytes.\n\n  Requires ``cryptography`` library::\n\n      $ pip install aiohttp_session[secure]\n\n* ``aiohttp_session.redis_storage.RedisStorage(redis_pool)`` -- stores\n  JSON encoded data in *redis*, keeping only the redis key (a random UUID) in\n  the cookie. ``redis_pool`` is a ``redis`` object, created by\n  ``await aioredis.from_url(...)`` call.\n\n      $ pip install aiohttp_session[aioredis]\n\n\nDeveloping\n----------\n\nInstall for local development::\n\n    $ make setup\n\nRun linters::\n\n    $ make lint\n\nRun tests::\n\n    $ make test\n\n\nThird party extensions\n----------------------\n\n* `aiohttp_session_mongo\n  <https://github.com/alexpantyukhin/aiohttp-session-mongo>`_\n\n* `aiohttp_session_dynamodb\n  <https://github.com/alexpantyukhin/aiohttp-session-dynamodb>`_\n\n\nLicense\n-------\n\n``aiohttp_session`` is offered under the Apache 2 license.\n\n.. towncrier release notes start\n\n2.12.0 (2022-10-28)\n===================\n\n* Migrated from `aioredis` to `redis` (if using redis without installing\n  `aiohttp-session[aioredis]` then it will be necessary to manually install `redis`).\n\n2.11.0 (2021-01-31)\n===================\n\n* Support initialising `EncryptedCookieStorage` with `Fernet` object directly.\n* Fix an issue where the session would get reset before the cookie expiry.\n\n2.10.0 (2021-12-30)\n===================\n\n* Typing support\n* Add samesite cookie option\n* Support aioredis 2\n\n2.9.0 (2019-11-04)\n==================\n\n* Fix memcached expiring time (#398)\n\n2.8.0 (2019-09-17)\n==================\n\n* Make this compatible with Python 3.7+. Import from collections.abc, instead\n  of from collections. (#373)\n\n\n2.7.0 (2018-10-13)\n==================\n\n* Reset a session if the session age > max_age (#331)\n\n* Reset a session on TTL expiration for EncryptedCookieStorage (#326)\n\n2.6.0 (2018-09-12)\n==================\n\n* Create a new session if `NaClCookieStorage` cannot decode a\n  corrupted cookie (#317)\n\n2.5.0 (2018-05-12)\n==================\n\n* Add an API for requesting new session explicitly (#281)\n\n2.4.0 (2018-05-04)\n==================\n\n* Fix a bug for session fixation (#272)\n\n2.3.0 (2018-02-13)\n==================\n\n- Support custom encoder and decoder by all storages (#252)\n- Bump to aiohttp 3.0\n\n2.2.0 (2018-01-31)\n==================\n\n- Fixed the formatting of an error handling bad middleware return types. (#249)\n\n2.1.0 (2017-11-24)\n==================\n\n- Add `session.set_new_identity()` method for changing identity for a\n  new session (#236)\n\n2.0.1 (2017-11-22)\n==================\n\n- Replace assertions in aioredis installation checks by `RuntimeError` (#235)\n\n2.0.0 (2017-11-21)\n==================\n\n- Update to aioredis 1.0+. The aiohttp-session 2.0 is not compatible\n  with aioredis 0.X (#234)\n\n1.2.1 (2017-11-20)\n==================\n\n- Pin aioredis<1.0 (#231)\n\n1.2.0 (2017-11-06)\n==================\n\n- Add MemcachedStorage (#224)\n\n1.1.0 (2017-11-03)\n==================\n\n- Upgrade middleware to new style from aiohttp 2.3+\n\n\n1.0.1 (2017-09-13)\n==================\n\n- Add key_factory attribute for redis_storage (#205)\n\n1.0.0 (2017-07-27)\n==================\n\n- Catch decoder exception in RedisStorage on data load (#175)\n\n- Specify domain and path on cookie deletion (#171)\n\n0.8.0 (2016-12-04)\n==================\n\n- Use `time.time()` instead of `time.monotonic()` for absolute times (#81)\n\n0.7.0 (2016-09-24)\n==================\n\n- Fix tests to be compatible with aiohttp upstream API for client cookies\n\n0.6.0 (2016-09-08)\n==================\n\n- Add expires field automatically to support older browsers (#43)\n\n- Respect session.max_age in redis storage #45\n\n- Always pass default max_age from storage into session (#45)\n\n0.5.0 (2016-02-21)\n==================\n\n- Handle cryptography.fernet.InvalidToken exception by providing an\n  empty session (#29)\n\n0.4.0 (2016-01-06)\n==================\n\n- Add optional NaCl encrypted storage (#20)\n\n- Relax EncryptedCookieStorage to accept base64 encoded string,\n  e.g. generated by Fernet.generate_key.\n\n- Add setup() function\n\n- Save the session even on exception in the middleware chain\n\n0.3.0 (2015-11-20)\n==================\n\n- Reflect aiohttp changes: minimum required Python version is 3.4.1\n\n- Use explicit 'aiohttp_session' package\n\n0.2.0 (2015-09-07)\n==================\n\n- Add session.created property (#14)\n\n- Replaced PyCrypto with crypthography library (#16)\n\n0.1.2 (2015-08-07)\n==================\n\n- Add manifest file (#15)\n\n0.1.1 (2015-04-20)\n==================\n\n- Fix #7: stop cookie name growing each time session is saved\n\n\n0.1.0 (2015-04-13)\n==================\n\n- First public release\n",
    "bugtrack_url": null,
    "license": "Apache 2",
    "summary": "sessions for aiohttp.web",
    "version": "2.12.0",
    "project_urls": {
        "Homepage": "https://github.com/aio-libs/aiohttp_session/"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "ac5c29d17aad3df4fce0a9c6c2d4ed785a5ea0cebe36c78be12adb53514a901f",
                "md5": "e0f46a5773a644fa8879e59b95bd9f80",
                "sha256": "f0bf0caa2f5b5a56cb50a45f98d61f60d8523322099a2857410530149706f5e5"
            },
            "downloads": -1,
            "filename": "aiohttp_session-2.12.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "e0f46a5773a644fa8879e59b95bd9f80",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.7",
            "size": 12542,
            "upload_time": "2022-10-28T23:56:58",
            "upload_time_iso_8601": "2022-10-28T23:56:58.472907Z",
            "url": "https://files.pythonhosted.org/packages/ac/5c/29d17aad3df4fce0a9c6c2d4ed785a5ea0cebe36c78be12adb53514a901f/aiohttp_session-2.12.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "34878dbc1385c875497d6bc16c9d94e25dbd8ff62599843b73fb4048ba74c867",
                "md5": "b89bde69f6f3c61a991ff408d2733838",
                "sha256": "0ccd11a7c77cb9e5a61f4daacdc9170d561112f9cfaf9e9a2d9867c0587d1950"
            },
            "downloads": -1,
            "filename": "aiohttp-session-2.12.0.tar.gz",
            "has_sig": false,
            "md5_digest": "b89bde69f6f3c61a991ff408d2733838",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.7",
            "size": 92803,
            "upload_time": "2022-10-28T23:57:00",
            "upload_time_iso_8601": "2022-10-28T23:57:00.285468Z",
            "url": "https://files.pythonhosted.org/packages/34/87/8dbc1385c875497d6bc16c9d94e25dbd8ff62599843b73fb4048ba74c867/aiohttp-session-2.12.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2022-10-28 23:57:00",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "aio-libs",
    "github_project": "aiohttp_session",
    "travis_ci": false,
    "coveralls": true,
    "github_actions": true,
    "requirements": [],
    "lcname": "aiohttp-session"
}
        
Elapsed time: 0.24071s