python - Use database to store session instead of Cookie with Flask
I have a Python project with Flask.
I'm using SQLAlchemy (according to this page of the documentation: http://flask.pocoo.org/docs/0.10/patterns/sqlalche) to handle database actions.
I'm using flask.session to store the user's information (authentication status, preferences, ...).
By default, Flask's session behaviour is to store sessions in the user's cookie and sign the cookie with secret_key, so users can't alter it, but they can read it.
I don't want users to be able to "see" the session's content. Does Flask offer a built-in way to store the session's content in the ORM (SQLAlchemy), or do I have to implement it myself?
Thanks!
This is adapted from http://flask.pocoo.org/snippets/75/.
If you need to store a lot of session data, it makes sense to move the data from the cookie to the server. In that case you might want to use Redis as the storage backend for the actual session data.
The following code implements a session backend using Redis. It allows you to either pass in a Redis client or connect to the Redis instance on localhost. Keys are prefixed with a specified prefix, which defaults to session:.
```python
import pickle
from datetime import timedelta
from uuid import uuid4

from redis import Redis
from werkzeug.datastructures import CallbackDict
from flask.sessions import SessionInterface, SessionMixin


class RedisSession(CallbackDict, SessionMixin):
    """Dict-like session that records its id and whether it was modified."""

    def __init__(self, initial=None, sid=None, new=False):
        def on_update(self):
            self.modified = True
        CallbackDict.__init__(self, initial, on_update)
        self.sid = sid
        self.new = new
        self.modified = False


class RedisSessionInterface(SessionInterface):
    # pickle.loads runs code embedded in the stored value, so this is only
    # safe while nothing untrusted can write to the Redis keyspace.
    serializer = pickle
    session_class = RedisSession

    def __init__(self, redis=None, prefix='session:'):
        if redis is None:
            redis = Redis()  # defaults to localhost
        self.redis = redis
        self.prefix = prefix

    def generate_sid(self):
        return str(uuid4())

    def get_redis_expiration_time(self, app, session):
        if session.permanent:
            return app.permanent_session_lifetime
        return timedelta(days=1)

    def open_session(self, app, request):
        # app.session_cookie_name was removed in Flask 2.3; the config key
        # works on old and new versions.
        sid = request.cookies.get(app.config['SESSION_COOKIE_NAME'])
        if not sid:
            sid = self.generate_sid()
            return self.session_class(sid=sid, new=True)
        val = self.redis.get(self.prefix + sid)
        if val is not None:
            data = self.serializer.loads(val)
            return self.session_class(data, sid=sid)
        # Unknown id: issue a fresh one instead of adopting the value the
        # client sent, so a planted cookie cannot fix the session id.
        return self.session_class(sid=self.generate_sid(), new=True)

    def save_session(self, app, session, response):
        cookie_name = app.config['SESSION_COOKIE_NAME']
        domain = self.get_cookie_domain(app)
        if not session:
            # Empty session: drop the server-side record and the cookie.
            self.redis.delete(self.prefix + session.sid)
            if session.modified:
                response.delete_cookie(cookie_name, domain=domain)
            return
        redis_exp = self.get_redis_expiration_time(app, session)
        cookie_exp = self.get_expiration_time(app, session)
        val = self.serializer.dumps(dict(session))
        # redis-py 3.0+ takes setex(name, time, value).
        self.redis.setex(self.prefix + session.sid,
                         int(redis_exp.total_seconds()), val)
        response.set_cookie(cookie_name, session.sid,
                            expires=cookie_exp, httponly=True,
                            domain=domain)
```
Here is how to enable it:
```python
from flask import Flask

app = Flask(__name__)
app.session_interface = RedisSessionInterface()
```
If you get an attribute error that total_seconds is missing, it means you're using a version of Python older than 2.7. In that case you can use this function as a replacement for the total_seconds method:
```python
def total_seconds(td):
    return td.days * 60 * 60 * 24 + td.seconds
```
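The question asks for a database-backed store rather than Redis. As an added example (not code from the post or from Flask), the class below keeps session data in a SQL table and leaves only a random id for the cookie. It assumes the standard library's sqlite3 in place of SQLAlchemy and JSON in place of pickle; `SqlSessionStore` and its methods are hypothetical names, meant to be called from `open_session` and `save_session`.

```python
import json
import secrets
import sqlite3
import time


class SqlSessionStore:
    """Server-side session rows keyed by an opaque random id (hypothetical helper)."""

    def __init__(self, conn):
        self.conn = conn
        conn.execute(
            "CREATE TABLE IF NOT EXISTS sessions ("
            "sid TEXT PRIMARY KEY, data TEXT NOT NULL, expires_at REAL NOT NULL)"
        )

    @staticmethod
    def new_sid():
        # 256 bits from the OS CSPRNG; the cookie carries only this value.
        return secrets.token_urlsafe(32)

    def load(self, cookie_sid, now=None):
        """Return (sid, data, is_new) for the id found in the request cookie."""
        now = time.time() if now is None else now
        if cookie_sid:
            row = self.conn.execute(
                "SELECT data FROM sessions WHERE sid = ? AND expires_at > ?",
                (cookie_sid, now),
            ).fetchone()
            if row is not None:
                return cookie_sid, json.loads(row[0]), False
        # Missing, unknown or expired id: never adopt the client's value.
        return self.new_sid(), {}, True

    def save(self, sid, data, ttl_seconds, now=None):
        now = time.time() if now is None else now
        if not data:
            self.conn.execute("DELETE FROM sessions WHERE sid = ?", (sid,))
        else:
            self.conn.execute(
                "INSERT OR REPLACE INTO sessions (sid, data, expires_at) "
                "VALUES (?, ?, ?)",
                (sid, json.dumps(data), now + ttl_seconds),
            )
        self.conn.commit()
```

Because the values are JSON, a tampered row can at worst fail to parse, and the expiry check in the query enforces the lifetime on the server regardless of the cookie's own expiry.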