Session support for µHTTP
Sessions are implemented as Javascript Web Signatures. Which means that:
- Sessions are stored in the client's browser.
- Sessions are not secret.
- Sessions cannot be tempered with.
µHTTP Session is on PyPI.
pip install uhttp-sessionFirst, you must set the secret key as an environment variable:
export APP_SECRET='<your secret key goes here>'Don't have one?
python -c 'import secrets; print(secrets.token_hex())'Then:
from uhttp import App
from uhttp_session import app as session_app
app = App()
app.mount(session_app)
@app.post('/login')
def login(request):
request.state['session']['user'] = request.form.get('user', 'john')
@app.get('/'):
def account(request):
if 'user' not in request.state['session']:
return 401
else:
return f'Hello, {request.state["session"]["user"]}!'Released under the MIT license.