Sessions

ViUR has a built-in session management system provided by core.session.Session.

This allows information to be stored between different HTTP requests. Sessions are created automatically as needed. As soon as the first piece of information is stored inside the session, a cookie that identifies the session is placed in the client's browser.

Storing and retrieving data is easy:

from viur.core import current

# Load the current session from the ContextVar
session = current.session.get()
# Store data inside the session
session[key] = value
# `get()` returns `None` if the key doesn't exist, the value otherwise:
val = session.get(key)
# Throws an exception if the key doesn't exist:
val = session[key]

You can store any JSON-serializable type inside the session, including lists and nested dicts. All data inside the session is stored server-side only and is never transferred to the client, so it is safe to store confidential data inside sessions.

Warning

  • For security reasons, the session is reset when a user logs in or out. All data (except the chosen language) is erased. You can set viur.session.persistentFieldsOnLogin and viur.session.persistentFieldsOnLogout in core.config to explicitly whitelist properties that should survive login/logout actions.

  • Also for security reasons, the session module uses two independent cookies, one for unencrypted HTTP and one for a secure SSL channel. If the session is created by a request arriving via unencrypted HTTP, the SSL cookie cannot be set. If the connection later changes to SSL, the contents of the session are also erased.

  • Sometimes the session module is unable to detect changes made to the stored data, usually when a value can be modified in place (e.g. a nested dict or list). In this case it's possible to notify the session that the contents have changed by calling current.session.get().markChanged().
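
The last warning is easiest to see in a small model. The following is an added example, not ViUR's own code: TrackedSession is a hypothetical stand-in that assumes changes are only noticed on top-level key assignment, and it shows how an in-place edit to a nested list is lost at save time unless markChanged() is called.

```python
import json


class TrackedSession:
    """Simplified stand-in for a session with change tracking (not ViUR code).

    Assumption: a change is only noticed when a top-level key is assigned,
    which is the behaviour the warning above describes.
    """

    def __init__(self):
        self._data = {}
        self.changed = False
        self.stored = "{}"  # what the server-side store currently holds

    def __setitem__(self, key, value):
        self._data[key] = value
        self.changed = True

    def __getitem__(self, key):
        return self._data[key]

    def markChanged(self):
        self.changed = True

    def save(self):
        """End of request: persist only if something was flagged as changed."""
        if self.changed:
            self.stored = json.dumps(self._data, sort_keys=True)
            self.changed = False
        return json.loads(self.stored)


def demo():
    session = TrackedSession()
    session["cart"] = {"items": []}           # top-level assignment: detected
    first = session.save()

    session["cart"]["items"].append("sku-1")  # in-place mutation: not detected
    lost = session.save()                     # stored copy is still empty

    session["cart"]["items"].append("sku-2")
    session.markChanged()                     # explicit notification
    kept = session.save()
    return first, lost, kept
```

Reassigning the top-level key (session["cart"] = cart) after editing the nested value has the same effect in this model as calling markChanged().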