SessionStore
This class manages session data by storing it directly within a securely signed cookie on the client rather than in an external data store. It provides mechanisms for loading, saving, and deleting session information using cryptographic signing to ensure data integrity. The class supports both synchronous and asynchronous operations for session lifecycle management.
Attributes
| Attribute | Type | Description |
|---|---|---|
| modified | boolean | Boolean flag indicating if the session data has changed, used to trigger setting the cookie on the client for the current request. |
| _session_key | string | The securely signed, URL-safe base64-encoded string containing the session data used as the client-side cookie value. |
| _session_cache | dict | Internal cache for session data, cleared during session deletion to reset the underlying data structure. |
Constructor
Signature
def SessionStore()
Methods
load()
@classmethod
def load() - > dict
Load the data from the key itself instead of fetching from some external data store. Opposite of _get_session_key(), raise BadSignature if signature fails.
Returns
| Type | Description |
|---|---|
dict | The decoded session data dictionary, or an empty dictionary if the signature is invalid. |
aload()
@classmethod
def aload() - > dict
Asynchronously load the session data from the signed session key.
Returns
| Type | Description |
|---|---|
dict | The decoded session data dictionary. |
create()
@classmethod
def create()
To create a new key, set the modified flag so that the cookie is set on the client for the current request.
acreate()
@classmethod
def acreate()
Asynchronously initializes a new session by setting the modified flag.
save()
@classmethod
def save(
must_create: boolean = False
)
To save, get the session key as a securely signed string and then set the modified flag so that the cookie is set on the client for the current request.
Parameters
| Name | Type | Description |
|---|---|---|
| must_create | boolean = False | If True, ensures a new session is created; however, this implementation primarily updates the signed cookie key. |
asave()
@classmethod
def asave(
must_create: boolean = False
)
Asynchronously saves the session by generating a new signed key and marking the session as modified.
Parameters
| Name | Type | Description |
|---|---|---|
| must_create | boolean = False | Determines if the save operation should fail if the session already exists. |
exists()
@classmethod
def exists(
session_key: string = None
) - > boolean
This method makes sense when you're talking to a shared resource, but it doesn't matter when you're storing the information in the client's cookie.
Parameters
| Name | Type | Description |
|---|---|---|
| session_key | string = None | The session identifier to check for existence. |
Returns
| Type | Description |
|---|---|
boolean | Always returns False as existence checks are not applicable to cookie-based storage. |
aexists()
@classmethod
def aexists(
session_key: string = None
) - > boolean
Asynchronously checks if a session key exists; always returns False for this backend.
Parameters
| Name | Type | Description |
|---|---|---|
| session_key | string = None | The session identifier to check. |
Returns
| Type | Description |
|---|---|
boolean | Always False. |
delete()
@classmethod
def delete(
session_key: string = None
)
To delete, clear the session key and the underlying data structure and set the modified flag so that the cookie is set on the client for the current request.
Parameters
| Name | Type | Description |
|---|---|---|
| session_key | string = None | The session identifier to be invalidated. |
adelete()
@classmethod
def adelete(
session_key: string = None
)
Asynchronously deletes the session by clearing local data and marking the session as modified for cookie removal.
Parameters
| Name | Type | Description |
|---|---|---|
| session_key | string = None | The session identifier to be deleted. |
cycle_key()
@classmethod
def cycle_key()
Keep the same data but with a new key. Call save() and it will automatically save a cookie with a new key at the end of the request.
acycle_key()
@classmethod
def acycle_key()
Asynchronously cycles the session key while preserving session data.
clear_expired()
@classmethod
def clear_expired()
Does nothing in this backend as expired sessions are handled by the client's browser cookie expiration.
aclear_expired()
@classmethod
def aclear_expired()
Asynchronously performs no-op for clearing expired sessions since storage is client-side.