Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

control of Session hash_method, serialization_method, expiration behavior #163

Closed
foresto opened this Issue · 1 comment

2 participants

@foresto

[Revised after reading the code more carefully.]

I'd like to use Flask sessions with a few tweaks:

  • json instead of pickle
  • sha256 or sha512 instead of sha1
  • expiration when the browser closes or after an idle time limit, whichever comes first: save_cookie(session_expires=something, expires=None)
  • automatically updated last-request time, to support the idle time limit

In the absence of direct support of these features, I think I can accomplish them with a SecureCookie/Session subclass. It looks like I can make Flask use my subclass by overriding Flask.open_session(), but since the existing method contains slightly more logic than simply instantiating a Session, I'm concerned that overriding it might introduce strange behavior with future versions of Flask

Would you consider exposing an official means of using a custom Session/SecureCookie class? Maybe even turning some of the above tweaks into Flask configuration options?

@DasIch
Collaborator

This can be done with SessionInterface.

@DasIch DasIch closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.