The library provides sessions for aiohttp.web.
The library allows us to store user-specific data into a session object.
The session object has a dict-like interface (operations like
session[key] = value
, value = session[key]
etc. are present).
Before processing the session in a web-handler, you have to register the
session middleware in aiohttp.web.Application
.
A trivial usage example:
import time import base64 from cryptography import fernet from aiohttp import web from aiohttp_session import setup, get_session from aiohttp_session.cookie_storage import EncryptedCookieStorage async def handler(request): session = await get_session(request) last_visit = session['last_visit'] if 'last_visit' in session else None session['last_visit'] = time.time() text = 'Last visited: {}'.format(last_visit) return web.Response(text=text) def make_app(): app = web.Application() # secret_key must be 32 url-safe base64-encoded bytes fernet_key = fernet.Fernet.generate_key() secret_key = base64.urlsafe_b64decode(fernet_key) setup(app, EncryptedCookieStorage(secret_key)) app.router.add_get('/', handler) return app web.run_app(make_app())
All storages use an HTTP Cookie named AIOHTTP_SESSION
for storing
data. This can be modified by passing the keyword argument cookie_name
to
the storage class of your choice.
Available session storages are:
aiohttp_session.SimpleCookieStorage()
-- keeps session data as a plain JSON string in the cookie body. Use the storage only for testing purposes, it's very non-secure.aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key)
-- stores the session data into a cookie asSimpleCookieStorage
but encodes it via AES cipher.secrect_key
is abytes
key for AES encryption/decryption, the length should be 32 bytes.Requires
cryptography
library:$ pip install aiohttp_session[secure]
aiohttp_session.redis_storage.RedisStorage(redis_pool)
-- stores JSON encoded data in redis, keeping only the redis key (a random UUID) in the cookie.redis_pool
is aaioredis
pool object, created byawait aioredis.create_resid_pool(...)
call.Requires
aioredis
library (olny versions1.0+
are supported:$ pip install aiohttp_session[aioredis]
aiohttp_session
is offered under the Apache 2 license.