Muffin-Session -- Cookie-Based HTTP sessions for Muffin framework
Contents
- Supports base64 sessions
- Supports
JWT
signed sessions - Supports
Fernet
encrypted sessions
- python >= 3.9
Muffin-Session should be installed using pip:
pip install muffin-session # Optional extras pip install muffin-session[fernet]
- Use it manually
from muffin import Application, ResponseHTML
from muffin_session import Plugin as Session
# Create Muffin Application
app = Application('example')
# Initialize the plugin
# As alternative: session = Session(app, **options)
session = Session()
session.setup(app, secret_key='REALLY_SECRET_KEY_FOR_SIGN_YOUR_SESSIONS')
# Use it inside your handlers
@app.route('/update')
async def update_session(request):
ses = session.load_from_request(request)
ses['var'] = 'value'
response = ResponseHTML('Session has been updated')
session.save_to_response(ses, response)
return res
@app.route('/load')
async def load_session(request):
ses = session.load_from_request(request)
return ses.get('var')
- Auto manage sessions (with middleware)
from muffin import Application, ResponseHTML
from muffin_session import Plugin as Session
# Create Muffin Application
app = Application('example')
# Initialize the plugin
# As alternative: session = Session(app, **options)
session = Session()
session.setup(app, secret_key='REALLY_SECRET_KEY_FOR_SIGN_YOUR_SESSIONS', auto_manage=True)
# Use it inside your handlers
@app.route('/update')
async def update_session(request):
request.session['var'] = 'value'
return 'Session has been updated'
@app.route('/load')
async def load_session(request):
return request.session.get('var')
Name | Default value | Description |
session_type | "jwt" |
Session type (base64|jwt|fernet ) |
secret_key | "InsecureSecret" |
A secret code to sign sessions |
auto_manage | False |
Load/Save sessions automatically. Session will be loaded into request.session |
cookie_name | "session" |
Sessions's cookie name (session ) |
cookie_params | Sessions's cookie params ({'path': '/', 'max-age': None, 'samesite': 'lax', 'secure': False} ) |
|
default_user_checker | lambda x: True |
A function to check a logged user |
login_url | "/login" |
An URL to redirect anonymous users (it may be a function which accept Request and returns a string) |
You are able to provide the options when you are initiliazing the plugin:
session.setup(app, secret_key='123455', cookie_name='info')
Or setup it inside Muffin.Application
config using the SESSION_
prefix:
SESSION_SECRET_KEY = '123455'
SESSION_COOKIE_NAME = 'info'
Muffin.Application
configuration options are case insensitive
from muffin import Application, ResponseHTML
from muffin_session import Plugin as Session
# Create Muffin Application
app = Application('example')
# Initialize the plugin
# As alternative: session = Session(app, **options)
session = Session()
session.setup(app, secret_key='REALLY_SECRET_KEY_FOR_SIGN_YOUR_SESSIONS', auto_manage=True)
@session.user_loader
async def load_user(ident):
"""Define your own user loader. """
return await my_database_load_user_by_id(ident)
@app.register('/session')
async def get_session(request):
""" Load session and return it as JSON. """
return dict(request.session)
@app.register('/admin')
@session.user_pass(lambda user: user.is_admin)
async def admin(request):
"""Awailable for admins only. """
return 'TOP SECRET'
@app.register('/login')
async def login(request):
"""Save user id into the current session. """
# ...
session.login(request, current_user.pk)
return 'OK'
@app.register('/logout')
async def logout(request):
""" Logout user. """
# ...
session.logout(request)
return 'OK'
@app.register('/somewhere')
async def somewhere(request):
""" Do something and leave a flash message """
# ...
request.session.clear()
return 'OK'
If you have any suggestions, bug reports or annoyances please report them to the issue tracker at https://github.com/klen/muffin-session/issues
Development of Muffin-Session happens at: https://github.com/klen/muffin-session
- klen (Kirill Klenov)
Licensed under a MIT license.