core.session

Module Contents

Classes

GaeSession

Store Sessions inside the Big Table/Memcache

Functions

killSessionByUser(user=None)

Invalidates all active sessions for the given user.

startClearSessions()

Removes old (expired) Sessions

doClearSessions(timeStamp, cursor)

class core.session.GaeSession

Store Sessions inside the Big Table/Memcache

kindName = viur-session
sameSite = lax
sessionCookie = True
cookieName
load(self, req)

Initializes the Session.

If the client supplied a valid Cookie, the session is read from the memcache/datastore, otherwise a new, empty session will be initialized.

save(self, req)

Writes the session to the memcache/datastore.

Does nothing, if the session hasn’t been changed in the current request.

__contains__(self, key)

Returns True if the given key is set in the current session.

__delitem__(self, key)

Removes a key from the session.

This key must exist.

__getitem__(self, key)

Returns the value stored under the given key.

The key must exist.

get(self, key)

Returns the value stored under the given key.

Parameters

key (str) – Key to retrieve from the session variables.

Returns

Returns None if the key doesn’t exist.

__setitem__(self, key, item)

Stores a new value under the given key.

If that key exists before, its value is overwritten.

markChanged(self)

Explicitly mark the current session as changed. This will force save() to write into the memcache / datastore, even if it belives that this session had not changed.

reset(self)

Invalids the current session and starts a new one.

This function is especially useful at login, where we might need to create an SSL-capable session.

Warning

Everything (except the current language) is flushed.

items(self)

Returns all items in the current session.

getSecurityKey(self)
validateSecurityKey(self, key)

Checks if key matches the current CSRF-Token of our session. On success, a new key is generated.

validateStaticSecurityKey(self, key)

Checks if key matches the current static CSRF-Token of our session.

core.session.killSessionByUser(user=None)

Invalidates all active sessions for the given user.

This means that this user is instantly logged out. If no user is given, it tries to invalidate all active sessions.

Use “guest” as to kill all sessions not associated with an user.

Parameters

user (str | None) – UserID, “guest” or None.

core.session.startClearSessions()

Removes old (expired) Sessions

core.session.doClearSessions(timeStamp, cursor)