flask.sessions.SecureCookieSessionInterface

class documentation

class SecureCookieSessionInterface(SessionInterface): (source)

The default session interface that stores sessions in signed cookies through the :mod:`itsdangerous` module.

Method	`get_signing_serializer`	Undocumented
Method	`open_session`	This is called at the beginning of each request, after pushing the request context, before matching the URL.
Method	`save_session`	This is called at the end of each request, after generating a response, before removing the request context. It is skipped if :meth:`is_null_session` returns ``True``.
Class Variable	`digest_method`	Undocumented
Class Variable	`key_derivation`	Undocumented
Class Variable	`salt`	Undocumented

Inherited from SessionInterface:

Method	`get_cookie_domain`	Returns the domain that should be set for the session cookie.
Method	`get_cookie_httponly`	Returns True if the session cookie should be httponly. This currently just returns the value of the ``SESSION_COOKIE_HTTPONLY`` config var.
Method	`get_cookie_name`	The name of the session cookie. Uses``app.config["SESSION_COOKIE_NAME"]``.
Method	`get_cookie_path`	Returns the path for which the cookie should be valid. The default implementation uses the value from the ``SESSION_COOKIE_PATH`` config var if it's set, and falls back to ``APPLICATION_ROOT`` or uses ``/`` if it's ``None``.
Method	`get_cookie_samesite`	Return ``'Strict'`` or ``'Lax'`` if the cookie should use the ``SameSite`` attribute. This currently just returns the value of the :data:`SESSION_COOKIE_SAMESITE` setting.
Method	`get_cookie_secure`	Returns True if the cookie should be secure. This currently just returns the value of the ``SESSION_COOKIE_SECURE`` setting.
Method	`get_expiration_time`	A helper method that returns an expiration date for the session or ``None`` if the session is linked to the browser session. The default implementation returns now + the permanent session lifetime configured on the application.
Method	`is_null_session`	Checks if a given object is a null session. Null sessions are not asked to be saved.
Method	`make_null_session`	Creates a null session which acts as a replacement object if the real session support could not be loaded due to a configuration error. This mainly aids the user experience because the job of the null session is to still support lookup without complaining but modifications are answered with a helpful error message of what failed.
Method	`should_set_cookie`	Used by session backends to determine if a ``Set-Cookie`` header should be set for this session cookie for this response. If the session has been modified, the cookie is set. If the session is permanent and the ``SESSION_REFRESH_EACH_REQUEST`` config is true, the cookie is always set.
Class Variable	`pickle_based`	Undocumented

def get_signing_serializer(self, app: Flask) -> t.Optional[URLSafeTimedSerializer]: (source) ¶

Undocumented

def open_session(self, app: Flask, request: Request) -> t.Optional[SecureCookieSession]: (source) ¶

overrides flask.sessions.SessionInterface.open_session

This is called at the beginning of each request, after pushing the request context, before matching the URL. This must return an object which implements a dictionary-like interface as well as the :class:`SessionMixin` interface. This will return ``None`` to indicate that loading failed in some way that is not immediately an error. The request context will fall back to using :meth:`make_null_session` in this case.

def save_session(self, app: Flask, session: SessionMixin, response: Response): (source) ¶

overrides flask.sessions.SessionInterface.save_session

This is called at the end of each request, after generating a response, before removing the request context. It is skipped if :meth:`is_null_session` returns ``True``.

digest_method = (source) ¶

Undocumented

key_derivation: str = (source) ¶

Undocumented

salt: str = (source) ¶

Undocumented