Skip to content

Latest commit

 

History

History
147 lines (67 loc) · 3.6 KB

session-basics.rst

File metadata and controls

147 lines (67 loc) · 3.6 KB
Raw
LastChangedDate

$LastChangedDate$

LastChangedRevision

$LastChangedRevision$

LastChangedBy

$LastChangedBy$

Session Basics

Sessions are the most complicated topic covered in this series of examples, and because of that it is going to take a few examples to cover all of the different aspects. This first example demonstrates the very basics of the Twisted Web session API: how to get the session object for the current request and how to prematurely expire a session.

Before diving into the APIs, let's look at the big picture of sessions in Twisted Web. Sessions are represented by instances of :pySession <twisted.web.server.Session> . The :pySite <twisted.web.server.Site> creates a new instance of Session the first time an application asks for it for a particular session. Session instances are kept on the Site instance until they expire (due to inactivity or because they are explicitly expired). Each time after the first that a particular session's Session object is requested, it is retrieved from the Site .

With the conceptual underpinnings of the upcoming API in place, here comes the example. This will be a very simple rpy script <rpy-scripts> which tells a user what its unique session identifier is and lets it prematurely expire the session.

First, we'll import :pyResource <twisted.web.resource.Resource> so we can define a couple of subclasses of it:

from twisted.web.resource import Resource

Next we'll define the resource which tells the client what its session identifier is. This is done easily by first getting the session object using :pyRequest.getSession <twisted.web.server.Request.getSession> and then getting the session object's uid attribute:

class ShowSession(Resource):
    def render_GET(self, request):
        return b'Your session id is: ' + request.getSession().uid

To let the client expire its own session before it times out, we'll define another resource which expires whatever session it is requested with. This is done using the :pySession.expire <twisted.web.server.Session.expire> method:

class ExpireSession(Resource):
    def render_GET(self, request):
        request.getSession().expire()
        return b'Your session has been expired.'

Finally, to make the example an rpy script, we'll make an instance of ShowSession and give it an instance of ExpireSession as a child using :pyResource.putChild <twisted.web.resource.Resource.putChild> :

resource = ShowSession()
resource.putChild(b"expire", ExpireSession())

And that is the complete example. You can fire this up and load the top page. You'll see a (rather opaque) session identifier that remains the same across reloads (at least until you flush the TWISTED_SESSION cookie from your browser or enough time passes). You can then visit the expire child and go back to the top page and see that you have a new session.

Here's the complete source for the example:

from twisted.web.resource import Resource

class ShowSession(Resource):
    def render_GET(self, request):
        return b'Your session id is: ' + request.getSession().uid

class ExpireSession(Resource):
    def render_GET(self, request):
        request.getSession().expire()
        return b'Your session has been expired.'

resource = ShowSession()
resource.putChild(b"expire", ExpireSession())