UnencryptedCookieSessionFactoryConfig(secret, timeout=1200, cookie_name='session', cookie_max_age=None, cookie_path='/', cookie_domain=None, cookie_secure=False, cookie_httponly=False, cookie_on_exception=True)[source]

Configure a session factory which will provide unencrypted (but signed) cookie-based sessions. The return value of this function is a session factory, which may be provided as the session_factory argument of a pyramid.config.Configurator constructor, or used as the session_factory argument of the pyramid.config.Configurator.set_session_factory() method.

The session factory returned by this function will create sessions which are limited to storing fewer than 4000 bytes of data (as the payload must fit into a single cookie).


A string which is used to sign the cookie.
A number of seconds of inactivity before a session times out.
The name of the cookie used for sessioning. Default: session.
The maximum age of the cookie used for sessioning (in seconds). Default: None (browser scope).
The path used for the session cookie. Default: /.
The domain used for the session cookie. Default: None (no domain).
The ‘secure’ flag of the session cookie. Default: False.
The ‘httpOnly’ flag of the session cookie. Default: False.
If True, set a session cookie even if an exception occurs while rendering a view. Default: True.
signed_serialize(data, secret)[source]

Serialize any pickleable structure (data) and sign it using the secret (must be a string). Return the serialization, which includes the signature as its first 40 bytes. The signed_deserialize method will deserialize such a value.

This function is useful for creating signed cookies. For example:

cookieval = signed_serialize({'a':1}, 'secret')
response.set_cookie('signed_cookie', cookieval)
signed_deserialize(serialized, secret, hmac=<module 'hmac' from '/home/docs/checkouts/'>)[source]

Deserialize the value returned from signed_serialize. If the value cannot be deserialized for any reason, a ValueError exception will be raised.

This function is useful for deserializing a signed cookie value created by signed_serialize. For example:

cookieval = request.cookies['signed_cookie']
data = signed_deserialize(cookieval, 'secret')