control of Session hash_method, serialization_method, expiration behavior #163

foresto opened this Issue Jan 30, 2011 · 1 comment



foresto commented Jan 30, 2011

[Revised after reading the code more carefully.]

I'd like to use Flask sessions with a few tweaks:

  • json instead of pickle
  • sha256 or sha512 instead of sha1
  • expiration when the browser closes or after an idle time limit, whichever comes first: save_cookie(session_expires=something, expires=None)
  • automatically updated last-request time, to support the idle time limit

In the absence of direct support of these features, I think I can accomplish them with a SecureCookie/Session subclass. It looks like I can make Flask use my subclass by overriding Flask.open_session(), but since the existing method contains slightly more logic than simply instantiating a Session, I'm concerned that overriding it might introduce strange behavior with future versions of Flask.

Would you consider exposing an official means of using a custom Session/SecureCookie class? Maybe even turning some of the above tweaks into Flask configuration options?


DasIch commented Jul 26, 2014

This can be done with SessionInterface.

@DasIch DasIch closed this Jul 26, 2014
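The cookie format requested in this issue (JSON payload, HMAC-SHA256 signature, idle time limit driven by a last-request stamp) as a standard-library sketch. This is an added example, not code from Flask or from either commenter; `dump_session`, `load_session`, `IDLE_LIMIT` and the envelope keys `d`/`t` are hypothetical names, and a custom `SessionInterface` could call the loader from `open_session` and the dumper from `save_session`.

```python
import base64
import hashlib
import hmac
import json
import time

IDLE_LIMIT = 15 * 60  # seconds of inactivity allowed (constructed value)

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, payload: str) -> str:
    # HMAC-SHA256 over the encoded payload (the issue asks for sha256 over sha1).
    return b64e(hmac.new(key, payload.encode(), hashlib.sha256).digest())

def dump_session(key: bytes, data: dict, now=None) -> str:
    """Serialize as JSON, stamp the last-request time, and sign.

    Call this on every response so the stamp is refreshed, and send the
    cookie without Expires/Max-Age so it also ends when the browser closes.
    """
    now = int(time.time() if now is None else now)
    body = json.dumps({"d": data, "t": now}, separators=(",", ":"))
    payload = b64e(body.encode())
    return payload + "." + sign(key, payload)

def load_session(key: bytes, cookie: str, now=None, idle_limit=IDLE_LIMIT):
    """Return the session dict, or None if forged, malformed or idle too long."""
    now = int(time.time() if now is None else now)
    try:
        payload, sig = cookie.split(".")
        # Verify before parsing, in constant time, so untrusted bytes
        # never reach the JSON decoder.
        if not hmac.compare_digest(sig, sign(key, payload)):
            return None
        envelope = json.loads(b64d(payload))
        data, stamp = envelope["d"], envelope["t"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if not isinstance(data, dict) or not isinstance(stamp, int):
        return None
    # Reject stamps from the future as well as sessions idle past the limit.
    if not 0 <= now - stamp <= idle_limit:
        return None
    return data
```

Because the payload is JSON rather than pickle, a leaked signing key lets an attacker forge session contents but does not turn cookie loading into code execution.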
