Posted on

pyramid cookies

The session factory returned by this function will create sessions which are limited to storing fewer than 4000 bytes of data (as the payload must fit into a single cookie).

In Pyramid 2.0 the default serializer option will change to use pyramid.session.JSONSerializer . See Upcoming Changes to ISession in Pyramid 2.0 for more information about why this change is being made.
secret A string which is used to sign the cookie. The secret should be at least as long as the block size of the selected hash algorithm. For sha512 this would mean a 512 bit (64 character) secret. It should be unique within the set of secret values provided to Pyramid for its various subsystems (see Admonishment Against Secret-Sharing ). hashalg The HMAC digest algorithm to use for signing. The algorithm must be supported by the hashlib library. Default: ‘sha512’ . salt A namespace to avoid collisions between different uses of a shared secret. Reusing a secret for different parts of an application is strongly discouraged (see Admonishment Against Secret-Sharing ). Default: ‘pyramid.session.’ . cookie_name The name of the cookie used for sessioning. Default: ‘session’ . max_age The maximum age of the cookie used for sessioning (in seconds). Default: None (browser scope). path The path used for the session cookie. Default: ‘/’ . domain The domain used for the session cookie. Default: None (no domain). secure The ‘secure’ flag of the session cookie. Default: False . httponly Hide the cookie from Javascript by setting the ‘HttpOnly’ flag of the session cookie. Default: False . samesite The ‘samesite’ option of the session cookie. Set the value to None to turn off the samesite option. Default: ‘Lax’ . timeout A number of seconds of inactivity before a session times out. If None then the cookie never expires. This lifetime only applies to the value within the cookie. Meaning that if the cookie expires due to a lower max_age , then this setting has no effect. Default: 1200 . reissue_time

New in version 1.5.
serializer An object with two methods: loads and dumps . The loads method should accept bytes and return a Python object. The dumps method should accept a Python object and return bytes. A ValueError should be raised for malformed inputs. cookie_name The name of the cookie used for sessioning. Default: ‘session’ . max_age The maximum age of the cookie used for sessioning (in seconds). Default: None (browser scope). path The path used for the session cookie. Default: ‘/’ . domain The domain used for the session cookie. Default: None (no domain). secure The ‘secure’ flag of the session cookie. Default: False . httponly Hide the cookie from Javascript by setting the ‘HttpOnly’ flag of the session cookie. Default: False . samesite The ‘samesite’ option of the session cookie. Set the value to None to turn off the samesite option. Default: ‘Lax’ . timeout A number of seconds of inactivity before a session times out. If None then the cookie never expires. This lifetime only applies to the value within the cookie. Meaning that if the cookie expires due to a lower max_age , then this setting has no effect. Default: 1200 . reissue_time
set_on_exception If True , set a session cookie even if an exception occurs while rendering a view. Default: True . class PickleSerializer ( protocol=4 ) [source] ¶
Configure a session factory which will provide signed cookie-based sessions. The return value of this function is a session factory , which may be provided as the session_factory argument of a pyramid.config.Configurator constructor, or used as the session_factory argument of the pyramid.config.Configurator.set_session_factory() method.
set_on_exception If True , set a session cookie even if an exception occurs while rendering a view. Default: True . serializer An object with two methods: loads and dumps . The loads method should accept bytes and return a Python object. The dumps method should accept a Python object and return bytes. A ValueError should be raised for malformed inputs. If a serializer is not passed, the pyramid.session.PickleSerializer serializer will be used.

A serializer that uses the pickle protocol to dump Python data to bytes.

pyramid.session ¶ New in version 1.5. Configure a session factory which will provide signed cookie-based sessions. The return value of this function is a session factory , which may be