beaker.session – Session classes

Module Contents

class beaker.session.CookieSession(request, key='beaker.session.id', timeout=None, cookie_expires=True, cookie_domain=None, encrypt_key=None, validate_key=None, secure=False, httponly=False, **kwargs)

Pure cookie-based session

Options recognized when using cookie-based sessions are slightly more restricted than general sessions.

Parameters:
  • key – The name the cookie should be set to.
  • timeout (int) – How long session data is considered valid. This is used regardless of the cookie being present or not to determine whether session data is still valid.
  • cookie_domain – Domain to use for the cookie.
  • secure – Whether or not the cookie should only be sent over SSL.
  • httponly – Whether or not the cookie should only be accessible by the browser not by JavaScript.
  • encrypt_key – The key to use for the local session encryption, if not provided the session will not be encrypted.
  • validate_key – The key used to sign the local encrypted session
delete()

Delete the cookie, and clear the session

expire()

Delete the ‘expires’ attribute on this Session, if any.

invalidate()

Clear the contents and start a new session

save(accessed_only=False)

Saves the data for this session to persistent storage

class beaker.session.Session(request, id=None, invalidate_corrupt=False, use_cookies=True, type=None, data_dir=None, key='beaker.session.id', timeout=None, cookie_expires=True, cookie_domain=None, secret=None, secure=False, namespace_class=None, httponly=False, encrypt_key=None, validate_key=None, **namespace_args)

Session object that uses container package for storage.

Parameters:
  • invalidate_corrupt (bool) – How to handle corrupt data when loading. When set to True, then corrupt data will be silently invalidated and a new session created, otherwise invalid data will cause an exception.
  • use_cookies (bool) – Whether or not cookies should be created. When set to False, it is assumed the user will handle storing the session on their own.
  • type – What data backend type should be used to store the underlying session data
  • key – The name the cookie should be set to.
  • timeout (int) – How long session data is considered valid. This is used regardless of the cookie being present or not to determine whether session data is still valid.
  • cookie_domain – Domain to use for the cookie.
  • secure – Whether or not the cookie should only be sent over SSL.
  • httponly – Whether or not the cookie should only be accessible by the browser not by JavaScript.
  • encrypt_key – The key to use for the local session encryption, if not provided the session will not be encrypted.
  • validate_key – The key used to sign the local encrypted session
delete()

Deletes the session from the persistent storage, and sends an expired cookie out

invalidate()

Invalidates this session, creates a new session id, returns to the is_new state

lock()

Locks this session against other processes/threads. This is automatic when load/save is called.

*use with caution* and always with a corresponding ‘unlock’ inside a “finally:” block, as a stray lock typically cannot be unlocked without shutting down the whole application.

revert()

Revert the session to its original state from its first access in the request

save(accessed_only=False)

Saves the data for this session to persistent storage

If accessed_only is True, then only the original data loaded at the beginning of the request will be saved, with the updated last accessed time.

unlock()

Unlocks this session against other processes/threads. This is automatic when load/save is called.

*use with caution* and always within a “finally:” block, as a stray lock typically cannot be unlocked without shutting down the whole application.

class beaker.session.SessionObject(environ, **params)

Session proxy/lazy creator

This object proxies access to the actual session object, so that in the case that the session hasn’t been used before, it will be setup. This avoid creating and loading the session from persistent storage unless its actually used during the request.

accessed()

Returns whether or not the session has been accessed

get_by_id(id)

Loads a session given a session ID

persist()

Persist the session to the storage

If its set to autosave, then the entire session will be saved regardless of if save() has been called. Otherwise, just the accessed time will be updated if save() was not called, or the session will be saved if save() was called.

class beaker.session.SignedCookie(secret, input=None)

Extends python cookie to give digital signature support