Metadata-Version: 2.1
Name: aiohttp-session
Version: 2.12.1
Summary: sessions for aiohttp.web
Home-page: https://github.com/aio-libs/aiohttp_session/
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache 2
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Framework :: AsyncIO
Classifier: Framework :: aiohttp
Description-Content-Type: text/x-rst
License-File: LICENSE
Requires-Dist: aiohttp>=3.10
Provides-Extra: aiomcache
Requires-Dist: aiomcache>=0.5.2; extra == "aiomcache"
Provides-Extra: aioredis
Requires-Dist: redis>=4.3.1; extra == "aioredis"
Provides-Extra: pycrypto
Requires-Dist: cryptography; extra == "pycrypto"
Provides-Extra: pynacl
Requires-Dist: pynacl; extra == "pynacl"
Provides-Extra: secure
Requires-Dist: cryptography; extra == "secure"

aiohttp_session
===============
.. image:: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml/badge.svg?branch=master
    :target: https://github.com/aio-libs/aiohttp-session/actions/workflows/ci.yaml
.. image:: https://codecov.io/github/aio-libs/aiohttp-session/coverage.svg?branch=master
    :target: https://codecov.io/github/aio-libs/aiohttp-session
.. image:: https://readthedocs.org/projects/aiohttp-session/badge/?version=latest
    :target: https://aiohttp-session.readthedocs.io/
.. image:: https://img.shields.io/pypi/v/aiohttp-session.svg
    :target: https://pypi.python.org/pypi/aiohttp-session

The library provides sessions for `aiohttp.web`__.

.. _aiohttp_web: https://aiohttp.readthedocs.io/en/latest/web.html

__ aiohttp_web_

Usage
-----

The library allows us to store user-specific data into a session object.

The session object has a dict-like interface (operations like
``session[key] = value``, ``value = session[key]`` etc. are present).


Before processing the session in a web-handler, you have to register the
*session middleware* in ``aiohttp.web.Application``.

A trivial usage example:

.. code:: python

    import time
    from cryptography import fernet
    from aiohttp import web
    from aiohttp_session import setup, get_session
    from aiohttp_session.cookie_storage import EncryptedCookieStorage


    async def handler(request):
        session = await get_session(request)
        last_visit = session['last_visit'] if 'last_visit' in session else None
        session['last_visit'] = time.time()
        text = 'Last visited: {}'.format(last_visit)
        return web.Response(text=text)


    def make_app():
        app = web.Application()
        fernet_key = fernet.Fernet.generate_key()
        f = fernet.Fernet(fernet_key)
        setup(app, EncryptedCookieStorage(f))
        app.router.add_get('/', handler)
        return app


    web.run_app(make_app())


All storages use an HTTP Cookie named ``AIOHTTP_SESSION`` for storing
data. This can be modified by passing the keyword argument ``cookie_name`` to
the storage class of your choice.

Available session storages are:

* ``aiohttp_session.SimpleCookieStorage()`` -- keeps session data as a
  plain JSON string in the cookie body. Use the storage only for testing
  purposes, it's very non-secure.

* ``aiohttp_session.cookie_storage.EncryptedCookieStorage(secret_key)``
  -- stores the session data into a cookie as ``SimpleCookieStorage`` but
  encodes it via AES cipher. ``secrect_key`` is a ``bytes`` key for AES
  encryption/decryption, the length should be 32 bytes.

  Requires ``cryptography`` library::

      $ pip install aiohttp_session[secure]

* ``aiohttp_session.redis_storage.RedisStorage(redis_pool)`` -- stores
  JSON encoded data in *redis*, keeping only the redis key (a random UUID) in
  the cookie. ``redis_pool`` is a ``redis`` object, created by
  ``await aioredis.from_url(...)`` call.

      $ pip install aiohttp_session[aioredis]


Developing
----------

Install for local development::

    $ make setup

Run linters::

    $ make lint

Run tests::

    $ make test


Third party extensions
----------------------

* `aiohttp_session_mongo
  <https://github.com/alexpantyukhin/aiohttp-session-mongo>`_

* `aiohttp_session_dynamodb
  <https://github.com/alexpantyukhin/aiohttp-session-dynamodb>`_


License
-------

``aiohttp_session`` is offered under the Apache 2 license.

.. towncrier release notes start

2.12.1 (2024-09-25)
===================

* Minor typing fix for aiohttp 3.10+.
* Dropped support for Python 3.7. Started testing on 3.11 - 3.13.

2.12.0 (2022-10-28)
===================

* Migrated from `aioredis` to `redis` (if using redis without installing
  `aiohttp-session[aioredis]` then it will be necessary to manually install `redis`).

2.11.0 (2021-01-31)
===================

* Support initialising `EncryptedCookieStorage` with `Fernet` object directly.
* Fix an issue where the session would get reset before the cookie expiry.

2.10.0 (2021-12-30)
===================

* Typing support
* Add samesite cookie option
* Support aioredis 2

2.9.0 (2019-11-04)
==================

* Fix memcached expiring time (#398)

2.8.0 (2019-09-17)
==================

* Make this compatible with Python 3.7+. Import from collections.abc, instead
  of from collections. (#373)


2.7.0 (2018-10-13)
==================

* Reset a session if the session age > max_age (#331)

* Reset a session on TTL expiration for EncryptedCookieStorage (#326)

2.6.0 (2018-09-12)
==================

* Create a new session if `NaClCookieStorage` cannot decode a
  corrupted cookie (#317)

2.5.0 (2018-05-12)
==================

* Add an API for requesting new session explicitly (#281)

2.4.0 (2018-05-04)
==================

* Fix a bug for session fixation (#272)

2.3.0 (2018-02-13)
==================

- Support custom encoder and decoder by all storages (#252)
- Bump to aiohttp 3.0

2.2.0 (2018-01-31)
==================

- Fixed the formatting of an error handling bad middleware return types. (#249)

2.1.0 (2017-11-24)
==================

- Add `session.set_new_identity()` method for changing identity for a
  new session (#236)

2.0.1 (2017-11-22)
==================

- Replace assertions in aioredis installation checks by `RuntimeError` (#235)

2.0.0 (2017-11-21)
==================

- Update to aioredis 1.0+. The aiohttp-session 2.0 is not compatible
  with aioredis 0.X (#234)

1.2.1 (2017-11-20)
==================

- Pin aioredis<1.0 (#231)

1.2.0 (2017-11-06)
==================

- Add MemcachedStorage (#224)

1.1.0 (2017-11-03)
==================

- Upgrade middleware to new style from aiohttp 2.3+


1.0.1 (2017-09-13)
==================

- Add key_factory attribute for redis_storage (#205)

1.0.0 (2017-07-27)
==================

- Catch decoder exception in RedisStorage on data load (#175)

- Specify domain and path on cookie deletion (#171)

0.8.0 (2016-12-04)
==================

- Use `time.time()` instead of `time.monotonic()` for absolute times (#81)

0.7.0 (2016-09-24)
==================

- Fix tests to be compatible with aiohttp upstream API for client cookies

0.6.0 (2016-09-08)
==================

- Add expires field automatically to support older browsers (#43)

- Respect session.max_age in redis storage #45

- Always pass default max_age from storage into session (#45)

0.5.0 (2016-02-21)
==================

- Handle cryptography.fernet.InvalidToken exception by providing an
  empty session (#29)

0.4.0 (2016-01-06)
==================

- Add optional NaCl encrypted storage (#20)

- Relax EncryptedCookieStorage to accept base64 encoded string,
  e.g. generated by Fernet.generate_key.

- Add setup() function

- Save the session even on exception in the middleware chain

0.3.0 (2015-11-20)
==================

- Reflect aiohttp changes: minimum required Python version is 3.4.1

- Use explicit 'aiohttp_session' package

0.2.0 (2015-09-07)
==================

- Add session.created property (#14)

- Replaced PyCrypto with crypthography library (#16)

0.1.2 (2015-08-07)
==================

- Add manifest file (#15)

0.1.1 (2015-04-20)
==================

- Fix #7: stop cookie name growing each time session is saved


0.1.0 (2015-04-13)
==================

- First public release
