core.session
Module Contents
Classes
- Session – Store Sessions inside the datastore.
Functions
- killSessionByUser(user) – Invalidates all active sessions for the given user.
- start_clear_sessions() – Removes old (expired) Sessions
- class core.session.Session
Store Sessions inside the datastore. The behaviour of this module can be customized in the following ways:
- sameSite can be set to None, "none", "lax" or "strict" to influence the same-site tag on the cookies we set.
- sessionCookie is set to True by default, causing the cookie to be treated as a session cookie (it will be deleted on browser close). If set to False, it will be emitted with the lifetime in conf["viur.session.lifeTime"].
- The config variable conf["viur.session.lifeTime"] determines how long (in minutes) a session stays valid. Even if sessionCookie is set to True, we'll void a session server-side after no request has been made within said lifeTime.
- The config variables conf["viur.session.persistentFieldsOnLogin"] and conf["viur.session.persistentFieldsOnLogout"] list fields that may survive a login/logout action. For security reasons, we completely destroy a session on login/logout (it will be deleted, a new empty database object will be created and a new cookie with a different key is sent to the browser). This causes all data currently stored to be lost. Only keys listed in these variables will be copied into the new session.
- kindName = 'viur-session'
- sameSite = 'lax'
- sessionCookie = True
- cookieName
- GUEST_USER = '__guest__'
- load(req: viur.core.request.BrowseHandler)
Initializes the Session.
If the client supplied a valid Cookie, the session is read from the datastore, otherwise a new, empty session will be initialized.
- save(req: viur.core.request.BrowseHandler)
Writes the session into the database.
Does nothing, in case the session hasn’t been changed in the current request.
- __contains__(key: str) → bool
Returns True if the given key is set in the current session.
- __delitem__(key: str) → None
Removes a key from the session.
This key must exist.
- __getitem__(key) → Any
Returns the value stored under the given key.
The key must exist.
- __ior__(other: dict)
Merges the contents of a dict into the session.
- get(key: str, default: Any = None) → Any
Returns the value stored under the given key.
- Parameters:
key – Key to retrieve from the session variables.
default – Default value to return when key does not exist.
- __setitem__(key: str, item: Any)
Stores a new value under the given key.
If that key already exists, its value is overwritten.
- markChanged() → None
Explicitly mark the current session as changed. This will force save() to write into the datastore, even if it believes that this session hasn't changed.
- reset() → None
Invalidates the current session and starts a new one.
This function is especially useful at login, where we might need to create an SSL-capable session.
- Warning:
Everything is flushed.
- items() → dict_items
Returns all items in the current session.
- getSecurityKey() → str | None
- validateSecurityKey(key: str) → bool
Checks if key matches the current CSRF-Token of our session. On success, a new key is generated.
- validateStaticSecurityKey(key: str) → bool
Checks if key matches the current static CSRF-Token of our session.
- core.session.killSessionByUser(user: str | viur.core.db.Key | None = None)
Invalidates all active sessions for the given user.
This means that this user is instantly logged out. If no user is given, it tries to invalidate all active sessions.
Use “__guest__” to kill all sessions not associated with a user.
- Parameters:
user – UserID, “__guest__” or None.
- core.session.start_clear_sessions()
Removes old (expired) Sessions
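The session replacement on login/logout and the CSRF-token checks described for Session above, as an added, self-contained model that is not ViUR's implementation. ModelSession, regenerate and the snake_case method names are hypothetical, and leaving the static token unrotated is an assumption taken from its name.

```python
import hmac
import secrets


class ModelSession(dict):
    """Hypothetical in-memory stand-in for a datastore-backed session."""

    def __init__(self, data=None):
        super().__init__(data or {})
        self.cookie_key = secrets.token_urlsafe(32)    # value sent in the cookie
        self.security_key = secrets.token_urlsafe(16)  # one-time CSRF token
        self.static_security_key = secrets.token_urlsafe(16)

    def validate_security_key(self, key: str) -> bool:
        # Constant-time comparison; rotate on success so a token works once.
        if hmac.compare_digest(key.encode(), self.security_key.encode()):
            self.security_key = secrets.token_urlsafe(16)
            return True
        return False

    def validate_static_security_key(self, key: str) -> bool:
        # Same comparison, but the static token is left in place (assumption).
        return hmac.compare_digest(key.encode(),
                                   self.static_security_key.encode())


def regenerate(old: ModelSession, persistent_fields: list[str]) -> ModelSession:
    """Replace the session at login/logout, keeping only allow-listed keys."""
    # A fresh object means a fresh cookie key, so a key planted before login
    # (session fixation) never becomes the authenticated session.
    new = ModelSession({k: old[k] for k in persistent_fields if k in old})
    old.clear()  # models deleting the old datastore entry
    return new
```

Keeping the persistent-fields lists short matters: every key listed there is carried from an unauthenticated session into an authenticated one.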