/flask-session2

Server side session extension for Flask

Primary LanguagePythonOtherNOASSERTION


logo

Adds support for Server-side Session to your Flask application.

Downloads Pypi Download

Installation

Install the extension with the following command::

pip install Flask-Session2

Quickstart

Flask-Session is really easy to use.

Basically for the common use of having one Flask application all you have to do is to create your Flask application, load the configuration of choice and then create the Session object by passing it the application.

The Session instance is not used for direct access, you should always use flask.session:

from flask import Flask, session
from flask_session import Session

app = Flask(__name__)
# Check Configuration section for more details
SESSION_TYPE = 'redis'
app.config.from_object(__name__)
Session(app)

@app.route('/set/')
def set():
    session['key'] = 'value'
    return 'ok'

@app.route('/get/')
def get():
    return session.get('key', 'not set')

You may also set up your application later using Session.init_app method:

sess = Session()
sess.init_app(app)

Configuration

The following configuration values exist for Flask-Session. Flask-Session loads these values from your Flask application config, so you should configure your app first before you pass it to Flask-Session. Note that these values cannot be modified after the init_app was applied so make sure to not modify them at runtime.

We are not supplying something like SESSION_REDIS_HOST and SESSION_REDIS_PORT, if you want to use the RedisSessionInterface, you should configure SESSION_REDIS to your own redis.Redis instance. This gives you more flexibility, like maybe you want to use the same redis.Redis instance for cache purpose too, then you do not need to keep two redis.Redis instance in the same process.

The following configuration values are builtin configuration values within Flask itself that are related to session. They are all understood by Flask-Session, for example, you should use PERMANENT_SESSION_LIFETIME to control your session lifetime.

Name Description
SESSION_COOKIE_NAME the name of the session cookie
SESSION_COOKIE_DOMAIN the domain for the session cookie. If this is not set, the cookie will be valid for all subdomains of SERVER_NAME.
SESSION_COOKIE_PATH the path for the session cookie. If this is not set the cookie will be valid for all of APPLICATION_ROOT or if that is not set for '/'.
SESSION_COOKIE_HTTPONLY controls if the cookie should be set with the httponly flag. Defaults to True.
SESSION_COOKIE_SECURE controls if the cookie should be set with the secure flag. Defaults to False.
PERMANENT_SESSION_LIFETIME the lifetime of a permanent session as :class:datetime.timedelta object. Starting with Flask 0.8 this can also be an integer representing seconds.

A list of configuration keys also understood by the extension:

Name Description
SESSION_TYPE Specifies which type of session interface to use. Built-in session types:
- null: NullSessionInterface (default)
- redis: RedisSessionInterface
- memcached: MemcachedSessionInterface
- filesystem: FileSystemSessionInterface
- mongodb: MongoDBSessionInterface
- sqlalchemy: SqlAlchemySessionInterface
- elasticsearch: ElasticsearchSessionInterface
- datastore: GoogleCloudDatastoreSessionInterface
- firestore: GoogleFireStoreSessionInterface
- peewee: PeeweeSessionInterface
- dynamodb: DynamoDBSessionInterface
SESSION_PERMANENT Whether use permanent session or not, default to be True
SESSION_USE_SIGNER Whether sign the session cookie sid or not, if set to True, you have to set :attr:flask.Flask.secret_key, default to be False
SESSION_KEY_PREFIX A prefix that is added before all session keys. This makes it possible to use the same backend storage server for different apps, default "session:"

Basically you only need to configure SESSION_TYPE.

By default, all non-null sessions in Flask-Session are permanent.

Built-in Session Interfaces

NullSessionInterface

If you do not configure a different SESSION_TYPE, this will be used to generate nicer error messages. Will allow read-only access to the empty session but fail on setting.

RedisSessionInterface

Uses the Redis key-value store as a session backend. (redis-py required)

Name Description
SESSION_REDIS A redis.Redis instance, default connect to 127.0.0.1:6379

MemcachedSessionInterface

Uses the Memcached as a session backend. (pymemecache required)

Name Description
SESSION_MEMCACHED A memcache.Client instance, default connect to 127.0.0.1:11211

FileSystemSessionInterface

Uses the cachelib.file.FileSystemCache as a session backend.

Name Description
SESSION_FILE_DIR The directory where session files are stored. Default to use flask_session directory under current working directory.
SESSION_FILE_THRESHOLD The maximum number of items the session stores before it starts deleting some, default 500
SESSION_FILE_MODE The file mode wanted for the session files, default 0600

MongoDBSessionInterface

Uses the MongoDB as a session backend. (pymongo required)

Name Description
SESSION_MONGODB A pymongo.MongoClient instance, default connect to 127.0.0.1:27017
SESSION_MONGODB_DB The MongoDB database you want to use, default "flask_session"
SESSION_MONGODB_COLLECT The MongoDB collection you want to use, default "sessions"

SqlAlchemySessionInterface

Uses SQLAlchemy as a session backend. (Flask-SQLAlchemy required)

Name Description
SESSION_SQLALCHEMY A flask_sqlalchemy.SQLAlchemy instance whose database connection URI is configured using the SQLALCHEMY_DATABASE_URI parameter
SESSION_SQLALCHEMY_TABLE The name of the SQL table you want to use, default "sessions"
SESSION_AUTODELETE Auto remove old sessions from database

ElasticsearchSessionInterface

Uses elasticsearch as a session backend. (elasticsearch required)

  • SESSION_ELASTICSEARCH
  • SESSION_ELASTICSEARCH_HOST
  • SESSION_ELASTICSEARCH_INDEX

GoogleCloudDatastoreSessionInterface

Uses Google Cloud Datastore as a session backend. (google-cloud-datastore required)

  • GCLOUD_APP_PROJECT_ID

GoogleFireStoreSessionInterface

Uses Google Firebase as a session backend. (google-cloud-firestore required)

  • SESSION_FIRESTORE
  • SESSION_FIRESTORE_COLLECT

PeeweeSessionInterface

Uses Peewee as a session backend. (peewee required)

  • SESSION_PEEWEE_TABLE
  • SESSION_PEEWEE_CONFIG

DynamoDBSessionInterface

Uses DynamoDB as a session backend. (boto3 required)

Name Description
SESSION_DYNAMODB A boto3.Session instance, default creates an instance with credentials in environment variables or in the local aws config.
SESSION_DYNAMODB_KEY_ID The AWS key id for connecting to Dynamo. Uses environment variable or local config if not set.
SESSION_DYNAMODB_ENDPOINT The AWS DynamoDB endpoint_url. Default is none, primarily used for local DynamoDB config.
SESSION_DYNAMODB_SECRET The AWS secret access key for connecting to Dynamo. Uses environment variable or local config if not set.
SESSION_DYNAMODB_REGION The region where the dynamodb table is located. Uses environment variable or the local config if not set.
SESSION_DYNAMODB_TABLE The name of the table in DyanmoDB to store session data. Default is "sessions".

Credits

This project is a fork of flask-session, created by Shipeng Feng.

Contributors

Thanks for many who have contributed to this project. Submit a PR if you have contributed and your name is missing.