pyramid.session

UnencryptedCookieSessionFactoryConfig(secret, timeout=1200, cookie_name='session', cookie_max_age=None, cookie_path='/', cookie_domain=None, cookie_secure=False, cookie_httponly=False, cookie_on_exception=True)

Configure a session factory which will provide unencrypted (but signed) cookie-based sessions. The return value of this function is a session factory, which may be provided as the session_factory argument of a pyramid.config.Configurator constructor, or used as the session_factory argument of the pyramid.config.Configurator.set_session_factory() method.

The session factory returned by this function will create sessions which are limited to storing fewer than 4000 bytes of data (as the payload must fit into a single cookie).

Parameters:

secret
A string which is used to sign the cookie.
timeout
A number of seconds of inactivity before a session times out.
cookie_name
The name of the cookie used for sessioning. Default: session.
cookie_max_age
The maximum age of the cookie used for sessioning (in seconds). Default: None (browser scope).
cookie_path
The path used for the session cookie. Default: /.
cookie_domain
The domain used for the session cookie. Default: None (no domain).
cookie_secure
The ‘secure’ flag of the session cookie. Default: False.
cookie_httponly
The ‘httpOnly’ flag of the session cookie. Default: False.
cookie_on_exception
If True, set a session cookie even if an exception occurs while rendering a view. Default: True.

signed_serialize(data, secret)

Serialize any pickleable structure (data) and sign it using the secret (must be a string). Return the serialization, which includes the signature as its first 40 bytes. The signed_deserialize function will deserialize such a value.

This function is useful for creating signed cookies. For example:

cookieval = signed_serialize({'a':1}, 'secret')
response.set_cookie('signed_cookie', cookieval)

signed_deserialize(serialized, secret, hmac=<module 'hmac' from '/usr/lib/python2.7/hmac.pyc'>)

Deserialize the value returned from signed_serialize. If the value cannot be deserialized for any reason, a ValueError exception will be raised.

This function is useful for deserializing a signed cookie value created by signed_serialize. For example:

cookieval = request.cookies['signed_cookie']
data = signed_deserialize(cookieval, 'secret')
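
The sign-then-verify flow described above, as an added stand-alone sketch (not Pyramid's own code): it assumes an HMAC-SHA1 hex digest for the 40-byte signature prefix and base64 for the pickled payload, and the names sketch_signed_serialize, sketch_signed_deserialize, readable_payload and rejects are hypothetical. It shows that the payload is readable without the secret and that verification has to come before unpickling.

```python
import base64
import hashlib
import hmac
import pickle

SIG_LEN = 40  # assumed: hex HMAC-SHA1 digest, matching the 40-byte prefix

def _sign(pickled, secret):
    return hmac.new(secret.encode("utf-8"), pickled, hashlib.sha1).hexdigest()

def sketch_signed_serialize(data, secret):
    """Return hex signature + base64(pickle(data))."""
    pickled = pickle.dumps(data)
    return _sign(pickled, secret) + base64.b64encode(pickled).decode("ascii")

def sketch_signed_deserialize(serialized, secret):
    """Verify the signature, then unpickle; ValueError on any failure."""
    sig, body = serialized[:SIG_LEN], serialized[SIG_LEN:]
    pickled = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    expected = _sign(pickled, secret)
    # Constant-time comparison on bytes. Unpickle only after the check passes:
    # unpickling unauthenticated bytes can execute arbitrary code.
    if not hmac.compare_digest(expected.encode(), sig.encode("utf-8")):
        raise ValueError("invalid signature")
    return pickle.loads(pickled)

def readable_payload(serialized):
    """Raw payload bytes, recoverable by anyone holding the cookie."""
    return base64.b64decode(serialized[SIG_LEN:])

def rejects(serialized, secret):
    """True if verification refuses the value."""
    try:
        sketch_signed_deserialize(serialized, secret)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    secret = "constructed-demo-secret"  # constructed sample value
    cookie = sketch_signed_serialize({"user": "alice", "admin": False}, secret)
    forged = cookie[:SIG_LEN] + sketch_signed_serialize(
        {"user": "alice", "admin": True}, "guess")[SIG_LEN:]
    print(b"alice" in readable_payload(cookie))  # signed, not secret
    print(rejects(forged, secret), rejects(cookie, "guess"))
```

The same holds for sessions created by UnencryptedCookieSessionFactoryConfig: the client can read the contents, and anyone who learns the secret can produce values that pass verification and are then unpickled.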
