core.session¶
Module Contents¶
Classes¶
Store Sessions inside the datastore. |
Functions¶
|
Invalidates all active sessions for the given user. |
Removes old (expired) Sessions |
- class core.session.Session¶
Store Sessions inside the datastore. The behaviour of this module can be customized in the following ways:
- :prop:same_site can be set to None, “none”, “lax” or “strict” to influence the same-site tag on the cookies
we set
- :prop:use_session_cookie is set to True by default, causing the cookie to be treated as a session cookie
(it will be deleted on browser close). If set to False, it will be emitted with the life-time in conf.user.session_life_time.
- The config variable conf.user.session_life_time: Determines, how long (in seconds) a session is valid.
Even if :prop:use_session_cookie is set to True, the session is voided server-side after no request has been made within the configured lifetime.
- The config variables conf.user.session_persistent_fields_on_login and
conf.user.session_persistent_fields_on_logout lists fields, that may survive a login/logout action. For security reasons, we completely destroy a session on login/logout (it will be deleted, a new empty database object will be created and a new cookie with a different key is sent to the browser). This causes all data currently stored to be lost. Only keys listed in these variables will be copied into the new session.
- kindName = 'viur-session'¶
- same_site = 'lax'¶
- use_session_cookie = True¶
- cookie_name¶
- GUEST_USER = '__guest__'¶
- load(req)¶
Initializes the Session.
If the client supplied a valid Cookie, the session is read from the datastore, otherwise a new, empty session will be initialized.
- save(req)¶
Writes the session into the database.
Does nothing, in case the session hasn’t been changed in the current request.
- __contains__(key)¶
Returns True if the given key is set in the current session.
- Parameters:
key (str) –
- Return type:
bool
- __delitem__(key)¶
Removes a key from the session.
This key must exist.
- Parameters:
key (str) –
- Return type:
None
- __getitem__(key)¶
Returns the value stored under the given key.
The key must exist.
- Return type:
Any
- __ior__(other)¶
Merges the contents of a dict into the session.
- Parameters:
other (dict) –
- get(key, default=None)¶
Returns the value stored under the given key.
- Parameters:
key (str) – Key to retrieve from the session variables.
default (Any) – Default value to return when key does not exist.
- Return type:
Any
- __setitem__(key, item)¶
Stores a new value under the given key.
If that key exists before, its value is overwritten.
- Parameters:
key (str) –
item (Any) –
- markChanged()¶
Explicitly mark the current session as changed. This will force save() to write into the datastore, even if it believes that this session hasn’t changed.
- Return type:
None
- reset()¶
Invalidates the current session and starts a new one.
This function is especially useful at login, where we might need to create an SSL-capable session.
- Warning:
Everything is flushed.
- Return type:
None
- items()¶
Returns all items in the current session.
- Return type:
dict_items
- core.session.killSessionByUser(user=None)¶
Invalidates all active sessions for the given user.
This means that this user is instantly logged out. If no user is given, it tries to invalidate all active sessions.
Use “__guest__” to kill all sessions not associated with a user.
- Parameters:
user (Optional[Union[str, viur.core.db.Key, None]]) – UserID, “__guest__” or None.
- core.session.start_clear_sessions()¶
Removes old (expired) Sessions