Skip to content


Subversion checkout URL

You can clone with
Download ZIP


control of Session hash_method, serialization_method, expiration behavior #163

foresto opened this Issue · 1 comment

2 participants


[Revised after reading the code more carefully.]

I'd like to use Flask sessions with a few tweaks:

  • json instead of pickle
  • sha256 or sha512 instead of sha1
  • expiration when the browser closes or after an idle time limit, whichever comes first: save_cookie(session_expires=something, expires=None)
  • automatically updated last-request time, to support the idle time limit

In the absence of direct support of these features, I think I can accomplish them with a SecureCookie/Session subclass. It looks like I can make Flask use my subclass by overriding Flask.open_session(), but since the existing method contains slightly more logic than simply instantiating a Session, I'm concerned that overriding it might introduce strange behavior with future versions of Flask

Would you consider exposing an official means of using a custom Session/SecureCookie class? Maybe even turning some of the above tweaks into Flask configuration options?


This can be done with SessionInterface.

@DasIch DasIch closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.