gae-sessions documentation

Detailed gaesessions module Documentation

A fast, lightweight, and secure session WSGI middleware for use with GAE.

gaesessions.get_current_session()

Returns the session associated with the current request.

gaesessions.set_current_session(session)

Sets the session associated with the current request.

gaesessions.delete_expired_sessions()

Deletes expired sessions from the datastore. If there are more than 500 expired sessions, only 500 will be removed. Returns True if all expired sessions have been removed.

class gaesessions.SessionMiddleware(app, cookie_key, lifetime=datetime.timedelta(7), no_datastore=False, cookie_only_threshold=10240)

WSGI middleware that adds session support.

cookie_key - A key used to secure cookies so users cannot modify their content. Keys should be at least 32 bytes (RFC2104). Tip: generate your key using os.urandom(64) but do this OFFLINE and copy/paste the output into a string which you pass in as cookie_key. If you use os.urandom() to dynamically generate your key at runtime then any existing sessions will become junk every time your app starts up!

lifetime - datetime.timedelta that specifies how long a session may last. Defaults to 7 days.

no_datastore - By default all writes also go to the datastore in case memcache is lost. Set to True to never use the datastore. This improves write performance but sessions may be occasionally lost.

cookie_only_threshold - A size in bytes. If session data is less than this threshold, then session data is kept only in a secure cookie. This avoids memcache/datastore latency which is critical for small sessions. Larger sessions are kept in memcache+datastore instead. Defaults to 10KB.
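The following sketch is an added example, not gae-sessions' own code. It shows what keying cookies with cookie_key buys you: a payload edited by the client fails verification, and so does every existing cookie once the key changes, which is why the key must be fixed rather than generated at startup. The helper names, the JSON/base64 encoding and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

MIN_KEY_BYTES = 32  # minimum cookie_key length recommended above

# Constructed sample keys. A real key is generated offline and pasted in.
FIXED_KEY = bytes(range(64))
KEY_AFTER_RESTART = bytes(range(1, 65))  # stands in for a fresh os.urandom(64)


def encode_payload(data):
    """Serialize a dict to URL-safe base64 (hypothetical cookie encoding)."""
    raw = json.dumps(data, sort_keys=True).encode()
    return base64.urlsafe_b64encode(raw)


def sign_cookie(data, key):
    """Return b'<hex tag>.<payload>' where the tag is an HMAC over the payload."""
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("cookie key should be at least 32 bytes")
    payload = encode_payload(data)
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return tag + b"." + payload


def load_cookie(cookie, key):
    """Return the dict if the tag verifies under key, else None (no session)."""
    tag, sep, payload = cookie.partition(b".")
    if not sep:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def demo():
    cookie = sign_cookie({"user": "alice", "admin": False}, FIXED_KEY)
    # A client that edits the payload cannot recompute the tag without the key.
    tag = cookie.partition(b".")[0]
    edited = tag + b"." + encode_payload({"user": "alice", "admin": True})
    return {
        "valid": load_cookie(cookie, FIXED_KEY),
        "tampered": load_cookie(edited, FIXED_KEY),
        "after_key_change": load_cookie(cookie, KEY_AFTER_RESTART),
    }
```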

class gaesessions.DjangoSessionMiddleware

Django middleware that adds session support. You must specify the session configuration parameters by modifying the call to SessionMiddleware in DjangoSessionMiddleware.__init__() since Django cannot call an initialization method with parameters.

class gaesessions.Session(sid=None, lifetime=datetime.timedelta(7), no_datastore=False, cookie_only_threshold=10240, cookie_key=None)

Manages loading, reading/writing key-value pairs, and saving of a session.

sid - if set, then the session for that sid (if any) is loaded. Otherwise, sid will be loaded from the HTTP_COOKIE (if any).

clear()

Removes all data from the session (but does not terminate it).

ensure_data_loaded()

Fetches the session data if it hasn’t been retrieved yet.

get(key, default=None)

Retrieves a value from the session.

get_expiration()

Returns the timestamp at which this session will expire.

has_key(key)

Returns True if key is set.

is_accessed()

Returns True if any value of this session has been accessed.

is_active()

Returns True if this session is active (i.e., it has been assigned a session ID and will be or has been persisted).

is_ssl_only()

Returns True if cookies set by this session will include the “Secure” attribute (so that the client will only send them over a secure channel like SSL).

pop(key, default=None)

Removes key and returns its value, or default if key is not present.

pop_quick(key, default=None)

Removes key and returns its value, or default if key is not present. The change will only be persisted to memcache until another change necessitates a write to the datastore.

regenerate_id(expiration_ts=None)

Assigns the session a new session ID (data carries over). This should be called whenever a user authenticates to prevent session fixation attacks.

expiration_ts - The UNIX timestamp the session will expire at. If omitted, the session expiration time will not be changed.
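The following model is an added example, not gae-sessions' own code. It shows why the session ID should be regenerated at authentication: the data carries over to the new ID, while the ID that existed before login stops resolving to anything. ToySessionStore, login and fixation_outcome are hypothetical names; the in-memory dict stands in for memcache and the datastore.

```python
import secrets


class ToySessionStore:
    """In-memory stand-in for the session backend, keyed by session ID."""

    def __init__(self):
        self._data = {}

    def start(self):
        sid = secrets.token_hex(16)
        self._data[sid] = {}
        return sid

    def load(self, sid):
        """Return the session dict for sid, or None if the ID is unknown."""
        return self._data.get(sid)

    def regenerate_id(self, old_sid):
        """Move the data to a fresh ID and forget the old one."""
        new_sid = secrets.token_hex(16)
        self._data[new_sid] = self._data.pop(old_sid)
        return new_sid


def login(store, sid, user, regenerate):
    """Mark the session as authenticated, optionally rotating its ID first."""
    if regenerate:
        sid = store.regenerate_id(sid)
    store.load(sid)["user"] = user
    return sid


def fixation_outcome(regenerate):
    """Report what the pre-login ID and the post-login ID resolve to."""
    store = ToySessionStore()
    pre_login_sid = store.start()  # an ID someone else may already know
    store.load(pre_login_sid)["cart"] = ["book"]
    post_login_sid = login(store, pre_login_sid, "alice", regenerate)
    return {
        "old_id_session": store.load(pre_login_sid),
        "new_id_session": store.load(post_login_sid),
    }
```

Without regeneration the pre-login ID resolves to the authenticated session; with it, only the new ID does.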

save(persist_even_if_using_cookie=False)

Saves the data associated with this session IF any changes have been made (specifically, if any mutator method such as __setitem__ has been called).

If the data is small enough it will be sent back to the user in a cookie instead of using memcache and the datastore. If persist_even_if_using_cookie evaluates to True, memcache and the datastore will also be used. If the no_datastore option is set, then the datastore will never be used.

Normally this method does not need to be called directly - a session is automatically saved at the end of the request if any changes were made.

set_quick(key, value)

Set a value named key on this session. The change will only be persisted to memcache until another change necessitates a write to the datastore. This will start a session if one is not already active.

start(expiration_ts=None, ssl_only=False)

Starts a new session. expiration_ts specifies when it will expire. If expiration_ts is not specified, then self.lifetime will be used to determine the expiration date.

Normally this method does not need to be called directly - a session is automatically started when the first value is added to the session.

expiration_ts - The UNIX timestamp the session will expire at. If omitted, the session will expire after the default lifetime has passed (as specified in SessionMiddleware).

ssl_only - Whether to specify the “Secure” attribute on the cookie so that the client will ONLY transfer the cookie over a secure channel.

terminate(clear_data=True)

Deletes the session and its data, and expires the user’s cookie.

__contains__(key)

Returns True if key is present on this session.

__delitem__(key)

Deletes the value associated with key on this session.

__getitem__(key)

Returns the value associated with key on this session.

__iter__()

Returns an iterator over the keys (names) of the stored values.

__setitem__(key, value)

Set a value named key on this session. This will start a session if one is not already active.

class gaesessions.SessionModel(parent=None, key_name=None, _app=None, _from_entity=False, **kwds)

Contains session data. key_name is the session ID and pdump contains a pickled dictionary which maps session variables to their values.
