bareasgi_session
module bareasgi_session ¶
Summary¶
bareasgi_session
function bareasgi_session.add_session_middleware ¶
Summary¶
Add session storage middleware.
Description¶
If no storage provider is supplied the default is to store the sessions in memory.
The default settings are not secure. In production the following settings are recommended.
Setting http_only=True
forbids JavaScript from accessing the cookie in
the browser. With same_site="Strict"
or same_site="Lax"
, the browser
prevents the cookie being sent on cross-site requests. If the server is
delivering over https, setting secure=True
will prevent the cookie from
being sent from non-https requests.
Parameters¶
app: ApplicationThe ASGI application.
storage: Optional[SessionStorage] (optional)The storage provider. Defaults to None.
context_key: str (optional)The key in the applications context where session data can be found. Defaults to SESSION_CONTEXT_KEY.
cookie_name: bytes (optional)The cookie name. Defaults to b'bareASGI-session'.
expires: Optional[datetime] (optional)The cookie expiry time. Defaults to None.
max_age: Optional[Union[int, timedelta]] (optional)The maximum age of the cookie. Defaults to None.
path: Optional[bytes] (optional)The cookie path. Defaults to None.
domain: Optional[bytes] (optional)The cookie domain. If unspecified the host header of the request will be used. Defaults to None.
secure: bool (optional)The cookie is only sent if the request is using https Defaults to False.
http_only: bool (optional)If true the cookie is not available with javascript in the client. Defaults to False.
same_site: Optional[bytes] (optional)Controls whether the cookie is sent cross origin. Defaults to None.
function bareasgi_session.session_data ¶
class MemorySessionStorage(SessionStorage) ¶
Summary¶
Memory session storage
class SessionStorage ¶
Summary¶
Session Storage