quart.sessions module#

class quart.sessions.NullSession(*args: Any, **kwargs: Any)#

Bases: quart.sessions.SecureCookieSession

A session implementation for sessions without storage.

clear() None.  Remove all items from D.#
pop(k[, d]) v, remove specified key and return the corresponding value.#

If the key is not found, return the default if given; otherwise, raise a KeyError.

popitem()#

Remove and return a (key, value) pair as a 2-tuple.

Pairs are returned in LIFO (last-in, first-out) order. Raises KeyError if the dict is empty.

setdefault(key, default=None, /)#

Insert key with a value of default if key is not in the dictionary.

Return the value for key if key is in the dictionary, else default.

update([E, ]**F) None.  Update D from dict/iterable E and F.#

If E is present and has a .keys() method, then does: for k in E: D[k] = E[k] If E is present and lacks a .keys() method, then does: for k, v in E: D[k] = v In either case, this is followed by: for k in F: D[k] = F[k]

class quart.sessions.SecureCookieSession(*args: Any, **kwargs: Any)#

Bases: dict, quart.sessions.SessionMixin

A session implementation using cookies.

Note that the intention is for this session to use cookies, this class does not implement anything bar modification and accessed flags.

clear() None.  Remove all items from D.#
get(key, default=None, /)#

Return the value for key if key is in the dictionary, else default.

pop(k[, d]) v, remove specified key and return the corresponding value.#

If the key is not found, return the default if given; otherwise, raise a KeyError.

popitem()#

Remove and return a (key, value) pair as a 2-tuple.

Pairs are returned in LIFO (last-in, first-out) order. Raises KeyError if the dict is empty.

setdefault(key, default=None, /)#

Insert key with a value of default if key is not in the dictionary.

Return the value for key if key is in the dictionary, else default.

update([E, ]**F) None.  Update D from dict/iterable E and F.#

If E is present and has a .keys() method, then does: for k in E: D[k] = E[k] If E is present and lacks a .keys() method, then does: for k, v in E: D[k] = v In either case, this is followed by: for k in F: D[k] = F[k]

class quart.sessions.SecureCookieSessionInterface#

Bases: quart.sessions.SessionInterface

A Session interface that uses cookies as storage.

This will store the data on the cookie in plain text, but with a signature to prevent modification.

static digest_method(string=b'', *, usedforsecurity=True)#

Returns a sha1 hash object; optionally initialized with a string

get_signing_serializer(app: Quart) Optional[URLSafeTimedSerializer]#

Return a serializer for the session that also signs data.

This will return None if the app is not configured for secrets.

key_derivation = 'hmac'#
async open_session(app: Quart, request: BaseRequestWebsocket) Optional[SecureCookieSession]#

Open a secure cookie based session.

This will return None if a signing serializer is not available, usually if the config SECRET_KEY is not set.

salt = 'cookie-session'#
async save_session(app: Quart, session: SessionMixin, response: Union[Response, WerkzeugResponse, None]) None#

Saves the session to the response in a secure cookie.

serializer = <quart.json.tag.TaggedJSONSerializer object>#
session_class#

alias of quart.sessions.SecureCookieSession

class quart.sessions.SessionInterface#

Bases: object

Base class for session interfaces.

null_session_class#

Storage class for null (no storage) sessions.

pickle_based#

Indicates if pickling is used for the session.

Helper method to return the Cookie Domain for the App.

Helper method to return if the Cookie should be HTTPOnly for the App.

Helper method to return the Cookie Name for the App.

Helper method to return the Cookie path for the App.

Helper method to return the Cookie Samesite configuration for the App.

Helper method to return if the Cookie should be Secure for the App.

get_expiration_time(app: Quart, session: SessionMixin) Optional[datetime]#

Helper method to return the Session expiration time.

If the session is not ‘permanent’ it will expire as and when the browser stops accessing the app.

is_null_session(instance: object) bool#

Returns True is the instance is a null session.

async make_null_session(app: Quart) NullSession#

Create a Null session object.

This is used in replacement of an actual session if sessions are not configured or active.

null_session_class#

alias of quart.sessions.NullSession

async open_session(app: Quart, request: BaseRequestWebsocket) Optional[SessionMixin]#

Open an existing session from the request or create one.

Returns

The Session object or None if no session can be created, in which case the null_session_class is expected to be used.

pickle_based = False#
async save_session(app: Quart, session: SessionMixin, response: Union[Response, WerkzeugResponse, None]) None#

Save the session argument to the response.

Parameters

response – Can be None if the session is being saved after a websocket connection closes.

Returns

The modified response, with the session stored.

Helper method to return if the Set Cookie header should be present.

This triggers if the session is marked as modified or the app is configured to always refresh the cookie.

class quart.sessions.SessionMixin#

Bases: collections.abc.MutableMapping

Use to extend a dict with Session attributes.

The attributes add standard and expected Session modification flags.

accessed#

Indicates if the Session has been accessed during the request, thereby allowing the Vary: Cookie header.

modified#

Indicates if the Session has been modified during the request handling.

new#

Indicates if the Session is new.

accessed = True#
modified = True#
new = False#
property permanent: bool#