Skip to content

aio-libs/aiohttp-session

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
2 branches 33 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
 
 
aiohttp_session
 
 
demo
 
 
docs
 
 
examples
 
 
tests
 
 
.codecov.yml
 
 
.coveragerc
 
 
.flake8
 
 
.gitignore
 
 
.isort.cfg
 
 
.mypy.ini
 
 
.pre-commit-config.yaml
 
 
.pyup.yml
 
 
CHANGES.txt
 
 
LICENSE
 
 
MANIFEST.in
 
 
Makefile
 
 
README.rst
 
 
codecov.yml
 
 
pytest.ini
 
 
requirements-dev.txt
 
 
requirements.txt
 
 
setup.py
 
 
aiohttp_session Usage Developing Third party extensions License

README.rst

aiohttp_session

https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml/badge.svg?branch=master https://codecov.io/github/aio-libs/aiohttp-session/coverage.svg?branch=master https://readthedocs.org/projects/aiohttp-session/badge/?version=latest

The library provides sessions for aiohttp.web.

Usage

The library allows us to store user-specific data into a session object.

The session object has a dict-like interface (operations like session[key] = value, value = session[key] etc. are present).

Before processing the session in a web-handler, you have to register the session middleware in aiohttp.web.Application.

A trivial usage example:

import time
from cryptography import fernet
from aiohttp import web
from aiohttp_session import setup, get_session
from aiohttp_session.cookie_storage import EncryptedCookieStorage


async def handler(request):
    session = await get_session(request)
    last_visit = session['last_visit'] if 'last_visit' in session else None
    session['last_visit'] = time.time()
    text = 'Last visited: {}'.format(last_visit)
    return web.Response(text=text)


def make_app():
    app = web.Application()
    fernet_key = fernet.Fernet.generate_key()
    f = fernet.Fernet(fernet_key)
    setup(app, EncryptedCookieStorage(f))
    app.router.add_get('/', handler)
    return app


web.run_app(make_app())

All storages use an HTTP Cookie named AIOHTTP_SESSION for storing data. This can be modified by passing the keyword argument cookie_name to the storage class of your choice.

Available session storages are:

  • aiohttp_session.SimpleCookieStorage() -- keeps session data as a plain JSON string in the cookie body. Use the storage only for testing purposes, it's very non-secure.

  • aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key) -- stores the session data into a cookie as SimpleCookieStorage but encodes it via AES cipher. secrect_key is a bytes key for AES encryption/decryption, the length should be 32 bytes.

    Requires cryptography library:

    $ pip install aiohttp_session[secure]

  • aiohttp_session.redis_storage.RedisStorage(redis_pool) -- stores JSON encoded data in redis, keeping only the redis key (a random UUID) in the cookie. redis_pool is a redis object, created by await aioredis.from_url(...) call.

    $ pip install aiohttp_session[aioredis]

Developing

Install for local development:

$ make setup

Run linters:

$ make lint

Run tests:

$ make test

Third party extensions

License

aiohttp_session is offered under the Apache 2 license.

About

Web sessions for aiohttp.web

aiohttp-session.readthedocs.io/

Topics

aiohttp asyncio

Resources

Readme

License

View license

Code of conduct

Code of conduct

Security policy

Security policy
Activity

Stars

236 stars

Watchers

14 watching

Forks

88 forks
Report repository

Releases 24

v2.12.0 Latest
Oct 28, 2022
+ 23 releases

Packages

No packages published

Used by 33.9k

  • @HeimSec
  • @NikolaiPohodenko
  • @wee-dwee
  • @Semyonov-K
  • @EugeneDlg
  • @Yulia91025
  • @XiaoLinZzz
  • @TamaraSavadyan
+ 33,922

Contributors 50

+ 36 contributors

Languages