klein.SessionProcurer

class documentation

class SessionProcurer: (source)

Implements interfaces: klein.interfaces.ISessionProcurer

View In Hierarchy

A SessionProcurer procures a session from a request and a store.

Method procureSession Retrieve a session using whatever technique is necessary.
Instance Variable _cookieDomain If set, the domain name to restrict the session cookie to.
Instance Variable _cookiePath If set, the URL path to restrict the session cookie to.
Instance Variable _insecureCookie The name of the cookie to use for sessions not protected with TLS (i.e. HTTP).
Instance Variable _insecureTokenHeader The name of the HTTP header to try to extract a session token from; API clients should use this header, rather than a cookie.
Instance Variable _maxAge The maximum age (in seconds) of the session cookie.
Instance Variable _secureCookie The name of the cookie to use for sessions protected with TLS (i.e. HTTPS).
Instance Variable _secureTokenHeader The name of the HTTPS header to try to extract a session token from; API clients should use this header, rather than a cookie.
Instance Variable _setCookieOnGET Automatically request that the session store create a session if one is not already associated with the request and the request is a GET.
Instance Variable _store The session store to procure a session from.
@inlineCallbacks
def procureSession(self, request, forceInsecure=False): (source)
from klein.interfaces.ISessionProcurer

Retrieve a session using whatever technique is necessary.

If the request already identifies an existing session in the store, retrieve it. If not, create a new session and retrieve that.

Parameters
request:IRequestThe request to procure a session from.
forceInsecure:boolEven if the request was transmitted securely (i.e. over HTTPS), retrieve the session that would be used by the same browser if it were sending an insecure (i.e. over HTTP) request; by default, this is False, and the session's security will match that of the request.
Returns
Any

a Deferred that:

  • fires with an ISession provider if the request describes an existing, valid session, or, if the intersection of the data in the request and the configuration of this ISessionProcurer allow for a cookie to be set immediately, or
  • fails with NoSuchSession if the request is unable to negotiate a session based on the current request: this is generally if the client is trying to use header-based authentication (and therefore does not want a new cookie set) or if this procurer is configured not to automatically create new sessions on the fly, or
  • fails with TooLateForCookies if the request bound to this procurer has already sent the headers and therefore we can no longer set a cookie, and we need to set a cookie.
_cookieDomain: Optional[bytes] = (source)

If set, the domain name to restrict the session cookie to.

_cookiePath: bytes = (source)

If set, the URL path to restrict the session cookie to.

_insecureCookie: bytes = (source)

The name of the cookie to use for sessions not protected with TLS (i.e. HTTP).

_insecureTokenHeader: bytes = (source)

The name of the HTTP header to try to extract a session token from; API clients should use this header, rather than a cookie.

_maxAge: int = (source)

The maximum age (in seconds) of the session cookie.

_secureCookie: bytes = (source)

The name of the cookie to use for sessions protected with TLS (i.e. HTTPS).

_secureTokenHeader: bytes = (source)

The name of the HTTPS header to try to extract a session token from; API clients should use this header, rather than a cookie.

_setCookieOnGET: bool = (source)

Automatically request that the session store create a session if one is not already associated with the request and the request is a GET.

_store: ISessionStore = (source)

The session store to procure a session from.