aiohttp_session
===============
.. image:: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml/badge.svg?branch=master
:target: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml
.. image:: https://codecov.io/github/aio-libs/aiohttp-session/coverage.svg?branch=master
:target: https://codecov.io/github/aio-libs/aiohttp-session
.. image:: https://readthedocs.org/projects/aiohttp-session/badge/?version=latest
:target: https://aiohttp-session.readthedocs.io/
.. image:: https://img.shields.io/pypi/v/aiohttp-session.svg
:target: https://pypi.python.org/pypi/aiohttp-session
The library provides sessions for `aiohttp.web`__.
.. _aiohttp_web: https://aiohttp.readthedocs.io/en/latest/web.html
__ aiohttp_web_
Usage
-----
The library allows us to store user-specific data into a session object.
The session object has a dict-like interface (operations like
``session[key] = value``, ``value = session[key]`` etc. are present).
Before processing the session in a web-handler, you have to register the
*session middleware* in ``aiohttp.web.Application``.
A trivial usage example:
.. code:: python
import time
from cryptography import fernet
from aiohttp import web
from aiohttp_session import setup, get_session
from aiohttp_session.cookie_storage import EncryptedCookieStorage
async def handler(request):
session = await get_session(request)
last_visit = session['last_visit'] if 'last_visit' in session else None
session['last_visit'] = time.time()
text = 'Last visited: {}'.format(last_visit)
return web.Response(text=text)
def make_app():
app = web.Application()
fernet_key = fernet.Fernet.generate_key()
f = fernet.Fernet(fernet_key)
setup(app, EncryptedCookieStorage(f))
app.router.add_get('/', handler)
return app
web.run_app(make_app())
All storages use an HTTP Cookie named ``AIOHTTP_SESSION`` for storing
data. This can be modified by passing the keyword argument ``cookie_name`` to
the storage class of your choice.
Available session storages are:
* ``aiohttp_session.SimpleCookieStorage()`` -- keeps session data as a
plain JSON string in the cookie body. Use the storage only for testing
purposes, it's very non-secure.
* ``aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key)``
-- stores the session data into a cookie as ``SimpleCookieStorage`` but
encodes it via AES cipher. ``secrect_key`` is a ``bytes`` key for AES
encryption/decryption, the length should be 32 bytes.
Requires ``cryptography`` library::
$ pip install aiohttp_session[secure]
* ``aiohttp_session.redis_storage.RedisStorage(redis_pool)`` -- stores
JSON encoded data in *redis*, keeping only the redis key (a random UUID) in
the cookie. ``redis_pool`` is a ``redis`` object, created by
``await aioredis.from_url(...)`` call.
$ pip install aiohttp_session[aioredis]
Developing
----------
Install for local development::
$ make setup
Run linters::
$ make lint
Run tests::
$ make test
Third party extensions
----------------------
* `aiohttp_session_mongo
<https://github.com/alexpantyukhin/aiohttp-session-mongo>`_
* `aiohttp_session_dynamodb
<https://github.com/alexpantyukhin/aiohttp-session-dynamodb>`_
License
-------
``aiohttp_session`` is offered under the Apache 2 license.
.. towncrier release notes start
2.12.0 (2022-10-28)
===================
* Migrated from `aioredis` to `redis` (if using redis without installing
`aiohttp-session[aioredis]` then it will be necessary to manually install `redis`).
2.11.0 (2021-01-31)
===================
* Support initialising `EncryptedCookieStorage` with `Fernet` object directly.
* Fix an issue where the session would get reset before the cookie expiry.
2.10.0 (2021-12-30)
===================
* Typing support
* Add samesite cookie option
* Support aioredis 2
2.9.0 (2019-11-04)
==================
* Fix memcached expiring time (#398)
2.8.0 (2019-09-17)
==================
* Make this compatible with Python 3.7+. Import from collections.abc, instead
of from collections. (#373)
2.7.0 (2018-10-13)
==================
* Reset a session if the session age > max_age (#331)
* Reset a session on TTL expiration for EncryptedCookieStorage (#326)
2.6.0 (2018-09-12)
==================
* Create a new session if `NaClCookieStorage` cannot decode a
corrupted cookie (#317)
2.5.0 (2018-05-12)
==================
* Add an API for requesting new session explicitly (#281)
2.4.0 (2018-05-04)
==================
* Fix a bug for session fixation (#272)
2.3.0 (2018-02-13)
==================
- Support custom encoder and decoder by all storages (#252)
- Bump to aiohttp 3.0
2.2.0 (2018-01-31)
==================
- Fixed the formatting of an error handling bad middleware return types. (#249)
2.1.0 (2017-11-24)
==================
- Add `session.set_new_identity()` method for changing identity for a
new session (#236)
2.0.1 (2017-11-22)
==================
- Replace assertions in aioredis installation checks by `RuntimeError` (#235)
2.0.0 (2017-11-21)
==================
- Update to aioredis 1.0+. The aiohttp-session 2.0 is not compatible
with aioredis 0.X (#234)
1.2.1 (2017-11-20)
==================
- Pin aioredis<1.0 (#231)
1.2.0 (2017-11-06)
==================
- Add MemcachedStorage (#224)
1.1.0 (2017-11-03)
==================
- Upgrade middleware to new style from aiohttp 2.3+
1.0.1 (2017-09-13)
==================
- Add key_factory attribute for redis_storage (#205)
1.0.0 (2017-07-27)
==================
- Catch decoder exception in RedisStorage on data load (#175)
- Specify domain and path on cookie deletion (#171)
0.8.0 (2016-12-04)
==================
- Use `time.time()` instead of `time.monotonic()` for absolute times (#81)
0.7.0 (2016-09-24)
==================
- Fix tests to be compatible with aiohttp upstream API for client cookies
0.6.0 (2016-09-08)
==================
- Add expires field automatically to support older browsers (#43)
- Respect session.max_age in redis storage #45
- Always pass default max_age from storage into session (#45)
0.5.0 (2016-02-21)
==================
- Handle cryptography.fernet.InvalidToken exception by providing an
empty session (#29)
0.4.0 (2016-01-06)
==================
- Add optional NaCl encrypted storage (#20)
- Relax EncryptedCookieStorage to accept base64 encoded string,
e.g. generated by Fernet.generate_key.
- Add setup() function
- Save the session even on exception in the middleware chain
0.3.0 (2015-11-20)
==================
- Reflect aiohttp changes: minimum required Python version is 3.4.1
- Use explicit 'aiohttp_session' package
0.2.0 (2015-09-07)
==================
- Add session.created property (#14)
- Replaced PyCrypto with crypthography library (#16)
0.1.2 (2015-08-07)
==================
- Add manifest file (#15)
0.1.1 (2015-04-20)
==================
- Fix #7: stop cookie name growing each time session is saved
0.1.0 (2015-04-13)
==================
- First public release
Raw data
{
"_id": null,
"home_page": "https://github.com/aio-libs/aiohttp_session/",
"name": "aiohttp-session",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": "",
"keywords": "",
"author": "Andrew Svetlov",
"author_email": "andrew.svetlov@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/34/87/8dbc1385c875497d6bc16c9d94e25dbd8ff62599843b73fb4048ba74c867/aiohttp-session-2.12.0.tar.gz",
"platform": null,
"description": "aiohttp_session\n===============\n.. image:: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml/badge.svg?branch=master\n :target: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml\n.. image:: https://codecov.io/github/aio-libs/aiohttp-session/coverage.svg?branch=master\n :target: https://codecov.io/github/aio-libs/aiohttp-session\n.. image:: https://readthedocs.org/projects/aiohttp-session/badge/?version=latest\n :target: https://aiohttp-session.readthedocs.io/\n.. image:: https://img.shields.io/pypi/v/aiohttp-session.svg\n :target: https://pypi.python.org/pypi/aiohttp-session\n\nThe library provides sessions for `aiohttp.web`__.\n\n.. _aiohttp_web: https://aiohttp.readthedocs.io/en/latest/web.html\n\n__ aiohttp_web_\n\nUsage\n-----\n\nThe library allows us to store user-specific data into a session object.\n\nThe session object has a dict-like interface (operations like\n``session[key] = value``, ``value = session[key]`` etc. are present).\n\n\nBefore processing the session in a web-handler, you have to register the\n*session middleware* in ``aiohttp.web.Application``.\n\nA trivial usage example:\n\n.. code:: python\n\n import time\n from cryptography import fernet\n from aiohttp import web\n from aiohttp_session import setup, get_session\n from aiohttp_session.cookie_storage import EncryptedCookieStorage\n\n\n async def handler(request):\n session = await get_session(request)\n last_visit = session['last_visit'] if 'last_visit' in session else None\n session['last_visit'] = time.time()\n text = 'Last visited: {}'.format(last_visit)\n return web.Response(text=text)\n\n\n def make_app():\n app = web.Application()\n fernet_key = fernet.Fernet.generate_key()\n f = fernet.Fernet(fernet_key)\n setup(app, EncryptedCookieStorage(f))\n app.router.add_get('/', handler)\n return app\n\n\n web.run_app(make_app())\n\n\nAll storages use an HTTP Cookie named ``AIOHTTP_SESSION`` for storing\ndata. This can be modified by passing the keyword argument ``cookie_name`` to\nthe storage class of your choice.\n\nAvailable session storages are:\n\n* ``aiohttp_session.SimpleCookieStorage()`` -- keeps session data as a\n plain JSON string in the cookie body. Use the storage only for testing\n purposes, it's very non-secure.\n\n* ``aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key)``\n -- stores the session data into a cookie as ``SimpleCookieStorage`` but\n encodes it via AES cipher. ``secrect_key`` is a ``bytes`` key for AES\n encryption/decryption, the length should be 32 bytes.\n\n Requires ``cryptography`` library::\n\n $ pip install aiohttp_session[secure]\n\n* ``aiohttp_session.redis_storage.RedisStorage(redis_pool)`` -- stores\n JSON encoded data in *redis*, keeping only the redis key (a random UUID) in\n the cookie. ``redis_pool`` is a ``redis`` object, created by\n ``await aioredis.from_url(...)`` call.\n\n $ pip install aiohttp_session[aioredis]\n\n\nDeveloping\n----------\n\nInstall for local development::\n\n $ make setup\n\nRun linters::\n\n $ make lint\n\nRun tests::\n\n $ make test\n\n\nThird party extensions\n----------------------\n\n* `aiohttp_session_mongo\n <https://github.com/alexpantyukhin/aiohttp-session-mongo>`_\n\n* `aiohttp_session_dynamodb\n <https://github.com/alexpantyukhin/aiohttp-session-dynamodb>`_\n\n\nLicense\n-------\n\n``aiohttp_session`` is offered under the Apache 2 license.\n\n.. towncrier release notes start\n\n2.12.0 (2022-10-28)\n===================\n\n* Migrated from `aioredis` to `redis` (if using redis without installing\n `aiohttp-session[aioredis]` then it will be necessary to manually install `redis`).\n\n2.11.0 (2021-01-31)\n===================\n\n* Support initialising `EncryptedCookieStorage` with `Fernet` object directly.\n* Fix an issue where the session would get reset before the cookie expiry.\n\n2.10.0 (2021-12-30)\n===================\n\n* Typing support\n* Add samesite cookie option\n* Support aioredis 2\n\n2.9.0 (2019-11-04)\n==================\n\n* Fix memcached expiring time (#398)\n\n2.8.0 (2019-09-17)\n==================\n\n* Make this compatible with Python 3.7+. Import from collections.abc, instead\n of from collections. (#373)\n\n\n2.7.0 (2018-10-13)\n==================\n\n* Reset a session if the session age > max_age (#331)\n\n* Reset a session on TTL expiration for EncryptedCookieStorage (#326)\n\n2.6.0 (2018-09-12)\n==================\n\n* Create a new session if `NaClCookieStorage` cannot decode a\n corrupted cookie (#317)\n\n2.5.0 (2018-05-12)\n==================\n\n* Add an API for requesting new session explicitly (#281)\n\n2.4.0 (2018-05-04)\n==================\n\n* Fix a bug for session fixation (#272)\n\n2.3.0 (2018-02-13)\n==================\n\n- Support custom encoder and decoder by all storages (#252)\n- Bump to aiohttp 3.0\n\n2.2.0 (2018-01-31)\n==================\n\n- Fixed the formatting of an error handling bad middleware return types. (#249)\n\n2.1.0 (2017-11-24)\n==================\n\n- Add `session.set_new_identity()` method for changing identity for a\n new session (#236)\n\n2.0.1 (2017-11-22)\n==================\n\n- Replace assertions in aioredis installation checks by `RuntimeError` (#235)\n\n2.0.0 (2017-11-21)\n==================\n\n- Update to aioredis 1.0+. The aiohttp-session 2.0 is not compatible\n with aioredis 0.X (#234)\n\n1.2.1 (2017-11-20)\n==================\n\n- Pin aioredis<1.0 (#231)\n\n1.2.0 (2017-11-06)\n==================\n\n- Add MemcachedStorage (#224)\n\n1.1.0 (2017-11-03)\n==================\n\n- Upgrade middleware to new style from aiohttp 2.3+\n\n\n1.0.1 (2017-09-13)\n==================\n\n- Add key_factory attribute for redis_storage (#205)\n\n1.0.0 (2017-07-27)\n==================\n\n- Catch decoder exception in RedisStorage on data load (#175)\n\n- Specify domain and path on cookie deletion (#171)\n\n0.8.0 (2016-12-04)\n==================\n\n- Use `time.time()` instead of `time.monotonic()` for absolute times (#81)\n\n0.7.0 (2016-09-24)\n==================\n\n- Fix tests to be compatible with aiohttp upstream API for client cookies\n\n0.6.0 (2016-09-08)\n==================\n\n- Add expires field automatically to support older browsers (#43)\n\n- Respect session.max_age in redis storage #45\n\n- Always pass default max_age from storage into session (#45)\n\n0.5.0 (2016-02-21)\n==================\n\n- Handle cryptography.fernet.InvalidToken exception by providing an\n empty session (#29)\n\n0.4.0 (2016-01-06)\n==================\n\n- Add optional NaCl encrypted storage (#20)\n\n- Relax EncryptedCookieStorage to accept base64 encoded string,\n e.g. generated by Fernet.generate_key.\n\n- Add setup() function\n\n- Save the session even on exception in the middleware chain\n\n0.3.0 (2015-11-20)\n==================\n\n- Reflect aiohttp changes: minimum required Python version is 3.4.1\n\n- Use explicit 'aiohttp_session' package\n\n0.2.0 (2015-09-07)\n==================\n\n- Add session.created property (#14)\n\n- Replaced PyCrypto with crypthography library (#16)\n\n0.1.2 (2015-08-07)\n==================\n\n- Add manifest file (#15)\n\n0.1.1 (2015-04-20)\n==================\n\n- Fix #7: stop cookie name growing each time session is saved\n\n\n0.1.0 (2015-04-13)\n==================\n\n- First public release\n",
"bugtrack_url": null,
"license": "Apache 2",
"summary": "sessions for aiohttp.web",
"version": "2.12.0",
"project_urls": {
"Homepage": "https://github.com/aio-libs/aiohttp_session/"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "ac5c29d17aad3df4fce0a9c6c2d4ed785a5ea0cebe36c78be12adb53514a901f",
"md5": "e0f46a5773a644fa8879e59b95bd9f80",
"sha256": "f0bf0caa2f5b5a56cb50a45f98d61f60d8523322099a2857410530149706f5e5"
},
"downloads": -1,
"filename": "aiohttp_session-2.12.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "e0f46a5773a644fa8879e59b95bd9f80",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 12542,
"upload_time": "2022-10-28T23:56:58",
"upload_time_iso_8601": "2022-10-28T23:56:58.472907Z",
"url": "https://files.pythonhosted.org/packages/ac/5c/29d17aad3df4fce0a9c6c2d4ed785a5ea0cebe36c78be12adb53514a901f/aiohttp_session-2.12.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "34878dbc1385c875497d6bc16c9d94e25dbd8ff62599843b73fb4048ba74c867",
"md5": "b89bde69f6f3c61a991ff408d2733838",
"sha256": "0ccd11a7c77cb9e5a61f4daacdc9170d561112f9cfaf9e9a2d9867c0587d1950"
},
"downloads": -1,
"filename": "aiohttp-session-2.12.0.tar.gz",
"has_sig": false,
"md5_digest": "b89bde69f6f3c61a991ff408d2733838",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.7",
"size": 92803,
"upload_time": "2022-10-28T23:57:00",
"upload_time_iso_8601": "2022-10-28T23:57:00.285468Z",
"url": "https://files.pythonhosted.org/packages/34/87/8dbc1385c875497d6bc16c9d94e25dbd8ff62599843b73fb4048ba74c867/aiohttp-session-2.12.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2022-10-28 23:57:00",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "aio-libs",
"github_project": "aiohttp_session",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"requirements": [],
"lcname": "aiohttp-session"
}
JSON
