quart.sessions module

class quart.sessions.NullSession

Bases: quart.sessions.Session, dict

A session implementation for sessions without storage.

clear() → None. Remove all items from D.
pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised

popitem()

Remove and return a (key, value) pair as a 2-tuple.

Pairs are returned in LIFO (last-in, first-out) order. Raises KeyError if the dict is empty.

setdefault(key, default=None, /)

Insert key with a value of default if key is not in the dictionary.

Return the value for key if key is in the dictionary, else default.

update([E, ]**F) → None. Update D from dict/iterable E and F.

If E is present and has a .keys() method, then does: for k in E: D[k] = E[k] If E is present and lacks a .keys() method, then does: for k, v in E: D[k] = v In either case, this is followed by: for k in F: D[k] = F[k]

class quart.sessions.SecureCookieSession(*args: Any, **kwargs: Any)

Bases: quart.sessions.SessionMixin, dict, quart.sessions.Session

A session implementation using cookies.

Note that the intention is for this session to use cookies, this class does not implement anything bar modification and accessed flags.

clear() → None. Remove all items from D.
get(key, default=None, /)

Return the value for key if key is in the dictionary, else default.

pop(k[, d]) → v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised

popitem()

Remove and return a (key, value) pair as a 2-tuple.

Pairs are returned in LIFO (last-in, first-out) order. Raises KeyError if the dict is empty.

setdefault(key, default=None, /)

Insert key with a value of default if key is not in the dictionary.

Return the value for key if key is in the dictionary, else default.

update([E, ]**F) → None. Update D from dict/iterable E and F.

If E is present and has a .keys() method, then does: for k in E: D[k] = E[k] If E is present and lacks a .keys() method, then does: for k, v in E: D[k] = v In either case, this is followed by: for k in F: D[k] = F[k]

class quart.sessions.SecureCookieSessionInterface

Bases: quart.sessions.SessionInterface

A Session interface that uses cookies as storage.

This will store the data on the cookie in plain text, but with a signature to prevent modification.

static digest_method()

Returns a sha1 hash object; optionally initialized with a string

get_signing_serializer(app: Quart) → Optional[itsdangerous.url_safe.URLSafeTimedSerializer]

Return a serializer for the session that also signs data.

This will return None if the app is not configured for secrets.

key_derivation = 'hmac'
async open_session(app: Quart, request: quart.wrappers.base.BaseRequestWebsocket) → Optional[quart.sessions.SecureCookieSession]

Open a secure cookie based session.

This will return None if a signing serializer is not available, usually if the config SECRET_KEY is not set.

salt = 'cookie-session'
async save_session(app: Quart, session: quart.sessions.SecureCookieSession, response: quart.wrappers.response.Response) → None

Saves the session to the response in a secure cookie.

serializer = <quart.json.tag.TaggedJSONSerializer object>
session_class

alias of SecureCookieSession

class quart.sessions.Session

Bases: collections.abc.MutableMapping

An abstract base class for Sessions.

class quart.sessions.SessionInterface

Bases: object

Base class for session interfaces.

null_session_class

Storage class for null (no storage) sessions.

pickle_based

Indicates if pickling is used for the session.

Helper method to return the Cookie Domain for the App.

Helper method to return if the Cookie should be HTTPOnly for the App.

Helper method to return the Cookie path for the App.

Helper method to return the Cookie Samesite configuration for the App.

Helper method to return if the Cookie should be Secure for the App.

get_expiration_time(app: Quart, session: quart.sessions.SessionMixin) → Optional[datetime.datetime]

Helper method to return the Session expiration time.

If the session is not ‘permanent’ it will expire as and when the browser stops accessing the app.

is_null_session(instance: object) → bool

Returns True is the instance is a null session.

async make_null_session(app: Quart) → quart.sessions.NullSession

Create a Null session object.

This is used in replacement of an actual session if sessions are not configured or active.

null_session_class

alias of NullSession

async open_session(app: Quart, request: quart.wrappers.base.BaseRequestWebsocket) → Optional[quart.sessions.Session]

Open an existing session from the request or create one.

Returns

The Session object or None if no session can be created, in which case the null_session_class is expected to be used.

pickle_based = False
async save_session(app: Quart, session: quart.sessions.Session, response: quart.wrappers.response.Response) → quart.wrappers.response.Response

Save the session argument to the response.

Returns

The modified response, with the session stored.

Helper method to return if the Set Cookie header should be present.

This triggers if the session is marked as modified or the app is configured to always refresh the cookie.

class quart.sessions.SessionMixin

Bases: object

Use to extend a dict with Session attributes.

The attributes add standard and expected Session modification flags.

accessed

Indicates if the Session has been accessed during the request, thereby allowing the Vary: Cookie header.

modified

Indicates if the Session has been modified during the request handling.

new

Indicates if the Session is new.

accessed = True
modified = True
new = False
property permanent