The session factory returned by this function will create sessions which are limited to storing fewer than 4000 bytes of data (as the payload must fit into a single cookie).
In Pyramid 2.0 the default serializer option will change to use pyramid.session.JSONSerializer. See Upcoming Changes to ISession in Pyramid 2.0 for more information about why this change is being made.
secret
    A string which is used to sign the cookie. The secret should be at least as long as the block size of the selected hash algorithm. For sha512 this would mean a 512 bit (64 character) secret. It should be unique within the set of secret values provided to Pyramid for its various subsystems (see Admonishment Against Secret-Sharing).

hashalg
    The HMAC digest algorithm to use for signing. The algorithm must be supported by the hashlib library. Default: 'sha512'.

salt
    A namespace to avoid collisions between different uses of a shared secret. Reusing a secret for different parts of an application is strongly discouraged (see Admonishment Against Secret-Sharing). Default: 'pyramid.session.'.

cookie_name
    The name of the cookie used for sessioning. Default: 'session'.

max_age
    The maximum age of the cookie used for sessioning (in seconds). Default: None (browser scope).

path
    The path used for the session cookie. Default: '/'.

domain
    The domain used for the session cookie. Default: None (no domain).

secure
    The 'secure' flag of the session cookie. Default: False.

httponly
    Hide the cookie from JavaScript by setting the 'HttpOnly' flag of the session cookie. Default: False.

samesite
    The 'samesite' option of the session cookie. Set the value to None to turn off the samesite option. Default: 'Lax'.

timeout
    A number of seconds of inactivity before a session times out. If None then the cookie never expires. This lifetime only applies to the value within the cookie, meaning that if the cookie expires due to a lower max_age, then this setting has no effect. Default: 1200.

reissue_time
New in version 1.5.
set_on_exception
    If True, set a session cookie even if an exception occurs while rendering a view. Default: True.

Configure a session factory which will provide signed cookie-based sessions. The return value of this function is a session factory, which may be provided as the session_factory argument of a pyramid.config.Configurator constructor, or used as the session_factory argument of the pyramid.config.Configurator.set_session_factory() method.

serializer
    An object with two methods: loads and dumps. The loads method should accept bytes and return a Python object. The dumps method should accept a Python object and return bytes. A ValueError should be raised for malformed inputs. If a serializer is not passed, the pyramid.session.PickleSerializer serializer will be used.

class PickleSerializer(protocol=4)
    A serializer that uses the pickle protocol to dump Python data to bytes.
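
An added example, not code from Pyramid or from this page: a standard-library model of what the secret, salt, hashalg and serializer options described above control. The names JSONBytesSerializer and SignedCookieCodec, and the salt-plus-secret key construction, are assumptions of this sketch; it checks the HMAC before the payload reaches the serializer and rejects cookies of 4000 bytes or more.

```python
import base64
import hashlib
import hmac
import json


class JSONBytesSerializer:
    """Meets the serializer contract above: dumps -> bytes, loads <- bytes."""

    def dumps(self, appstruct):
        return json.dumps(appstruct, separators=(",", ":")).encode("utf-8")

    def loads(self, bstruct):
        try:
            return json.loads(bstruct.decode("utf-8"))
        except ValueError as exc:  # UnicodeDecodeError and JSONDecodeError
            raise ValueError("malformed session payload") from exc


class SignedCookieCodec:
    """Illustrative model; key = salt + secret is this sketch's assumption."""

    MAX_COOKIE_BYTES = 4000  # the single-cookie size limit quoted above

    def __init__(self, secret, salt="pyramid.session.", hashalg="sha512",
                 serializer=None):
        self.key = (salt + secret).encode("utf-8")
        self.hashalg = hashalg
        self.digest_size = hashlib.new(hashalg).digest_size
        self.serializer = serializer or JSONBytesSerializer()

    def _sign(self, payload):
        return hmac.new(self.key, payload, self.hashalg).digest()

    def dumps(self, appstruct):
        payload = self.serializer.dumps(appstruct)
        cookie = base64.urlsafe_b64encode(self._sign(payload) + payload)
        if len(cookie) >= self.MAX_COOKIE_BYTES:
            raise ValueError("session too large for a single cookie")
        return cookie

    def loads(self, cookie):
        try:
            raw = base64.urlsafe_b64decode(cookie)
        except ValueError as exc:  # binascii.Error subclasses ValueError
            raise ValueError("cookie is not valid base64") from exc
        sig, payload = raw[:self.digest_size], raw[self.digest_size:]
        # Verify before deserializing, so unsigned bytes never reach loads().
        if not hmac.compare_digest(sig, self._sign(payload)):
            raise ValueError("invalid signature")
        return self.serializer.loads(payload)
```

Because the signature check comes first, a cookie signed under a different salt or secret is rejected before any deserializer sees its bytes.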