pyramid.session
¶
-
UnencryptedCookieSessionFactoryConfig
(secret, timeout=1200, cookie_name='session', cookie_max_age=None, cookie_path='/', cookie_domain=None, cookie_secure=False, cookie_httponly=False, cookie_on_exception=True)[source]¶ Configure a session factory which will provide unencrypted (but signed) cookie-based sessions. The return value of this function is a session factory, which may be provided as the
session_factory
argument of apyramid.config.Configurator
constructor, or used as thesession_factory
argument of thepyramid.config.Configurator.set_session_factory()
method.The session factory returned by this function will create sessions which are limited to storing fewer than 4000 bytes of data (as the payload must fit into a single cookie).
Parameters:
secret
- A string which is used to sign the cookie.
timeout
- A number of seconds of inactivity before a session times out.
cookie_name
- The name of the cookie used for sessioning. Default:
session
. cookie_max_age
- The maximum age of the cookie used for sessioning (in seconds).
Default:
None
(browser scope). cookie_path
- The path used for the session cookie. Default:
/
. cookie_domain
- The domain used for the session cookie. Default:
None
(no domain). cookie_secure
- The ‘secure’ flag of the session cookie. Default:
False
. cookie_httponly
- The ‘httpOnly’ flag of the session cookie. Default:
False
. cookie_on_exception
- If
True
, set a session cookie even if an exception occurs while rendering a view. Default:True
.
-
signed_serialize
(data, secret)[source]¶ Serialize any pickleable structure (
data
) and sign it using thesecret
(must be a string). Return the serialization, which includes the signature as its first 40 bytes. Thesigned_deserialize
method will deserialize such a value.This function is useful for creating signed cookies. For example:
cookieval = signed_serialize({'a':1}, 'secret') response.set_cookie('signed_cookie', cookieval)
-
signed_deserialize
(serialized, secret, hmac=<module 'hmac' from '/home/docs/checkouts/readthedocs.org/user_builds/pyramid/envs/1.3-branch/lib/python3.4/hmac.py'>)[source]¶ Deserialize the value returned from
signed_serialize
. If the value cannot be deserialized for any reason, aValueError
exception will be raised.This function is useful for deserializing a signed cookie value created by
signed_serialize
. For example:cookieval = request.cookies['signed_cookie'] data = signed_deserialize(cookieval, 'secret')