flask.sessions.SessionInterface

class documentation

class SessionInterface:

Known subclasses: flask.sessions.SecureCookieSessionInterface

The basic interface you have to implement in order to replace the default session interface which uses werkzeug's securecookie implementation. The only methods you have to implement are open_session and save_session, the others have useful defaults which you don't need to change.

The session object returned by the open_session method has to provide a dictionary like interface plus the properties and methods from the SessionMixin. We recommend just subclassing a dict and adding that mixin:

class Session(dict, SessionMixin):
    pass

If open_session returns None Flask will call into make_null_session to create a session that acts as replacement if the session support cannot work because some requirement is not fulfilled. The default NullSession class that is created will complain that the secret key was not set.

To replace the session interface on an application all you have to do is to assign flask.Flask.session_interface:

app = Flask(__name__)
app.session_interface = MySessionInterface()

New in version 0.8.

Method	`get_cookie_domain`	Returns the domain that should be set for the session cookie.
Method	`get_cookie_httponly`	Returns True if the session cookie should be httponly. This currently just returns the value of the `SESSION_COOKIE_HTTPONLY` config var.
Method	`get_cookie_name`	Returns the name of the session cookie.
Method	`get_cookie_path`	No summary
Method	`get_cookie_samesite`	Return `'Strict'` or `'Lax'` if the cookie should use the `SameSite` attribute. This currently just returns the value of the `SESSION_COOKIE_SAMESITE` setting.
Method	`get_cookie_secure`	Returns True if the cookie should be secure. This currently just returns the value of the `SESSION_COOKIE_SECURE` setting.
Method	`get_expiration_time`	No summary
Method	`is_null_session`	Checks if a given object is a null session. Null sessions are not asked to be saved.
Method	`make_null_session`	No summary
Method	`open_session`	No summary
Method	`save_session`	No summary
Method	`should_set_cookie`	No summary
Class Variable	`pickle_based`	Undocumented

def get_cookie_domain(self, app):

Returns the domain that should be set for the session cookie.

Uses SESSION_COOKIE_DOMAIN if it is configured, otherwise falls back to detecting the domain based on SERVER_NAME.

Once detected (or if not set at all), SESSION_COOKIE_DOMAIN is updated to avoid re-running the logic.

Parameters
app:`Flask`	Undocumented
Returns
`t.Optional[str]`	Undocumented

def get_cookie_httponly(self, app):

Returns True if the session cookie should be httponly. This currently just returns the value of the SESSION_COOKIE_HTTPONLY config var.

Parameters
app:`Flask`	Undocumented
Returns
`bool`	Undocumented

def get_cookie_name(self, app):

Returns the name of the session cookie.

Uses app.session_cookie_name which is set to SESSION_COOKIE_NAME

Parameters
app:`Flask`	Undocumented
Returns
`str`	Undocumented

def get_cookie_path(self, app):

Returns the path for which the cookie should be valid. The default implementation uses the value from the SESSION_COOKIE_PATH config var if it's set, and falls back to APPLICATION_ROOT or uses / if it's None.

Parameters
app:`Flask`	Undocumented
Returns
`str`	Undocumented

def get_cookie_samesite(self, app):

Return 'Strict' or 'Lax' if the cookie should use the SameSite attribute. This currently just returns the value of the SESSION_COOKIE_SAMESITE setting.

Parameters
app:`Flask`	Undocumented
Returns
`str`	Undocumented

def get_cookie_secure(self, app):

Returns True if the cookie should be secure. This currently just returns the value of the SESSION_COOKIE_SECURE setting.

Parameters
app:`Flask`	Undocumented
Returns
`bool`	Undocumented

def get_expiration_time(self, app, session):

A helper method that returns an expiration date for the session or None if the session is linked to the browser session. The default implementation returns now + the permanent session lifetime configured on the application.

Parameters
app:`Flask`	Undocumented
session:`SessionMixin`	Undocumented
Returns
`t.Optional[datetime]`	Undocumented

def is_null_session(self, obj):

Checks if a given object is a null session. Null sessions are not asked to be saved.

This checks if the object is an instance of null_session_class by default.

Parameters
obj:`object`	Undocumented
Returns
`bool`	Undocumented

def make_null_session(self, app):

Creates a null session which acts as a replacement object if the real session support could not be loaded due to a configuration error. This mainly aids the user experience because the job of the null session is to still support lookup without complaining but modifications are answered with a helpful error message of what failed.

This creates an instance of null_session_class by default.

Parameters
app:`Flask`	Undocumented
Returns
`NullSession`	Undocumented

def open_session(self, app, request):

overridden in flask.sessions.SecureCookieSessionInterface

This method has to be implemented and must either return None in case the loading failed because of a configuration error or an instance of a session object which implements a dictionary like interface + the methods and attributes on SessionMixin.

Parameters
app:`Flask`	Undocumented
request:`Request`	Undocumented
Returns
`t.Optional[SessionMixin]`	Undocumented

def save_session(self, app, session, response):

overridden in flask.sessions.SecureCookieSessionInterface

This is called for actual sessions returned by open_session at the end of the request. This is still called during a request context so if you absolutely need access to the request you can do that.

Parameters
app:`Flask`	Undocumented
session:`SessionMixin`	Undocumented
response:`Response`	Undocumented

def should_set_cookie(self, app, session):

Used by session backends to determine if a Set-Cookie header should be set for this session cookie for this response. If the session has been modified, the cookie is set. If the session is permanent and the SESSION_REFRESH_EACH_REQUEST config is true, the cookie is always set.

This check is usually skipped if the session was deleted.

New in version 0.11.

Parameters
app:`Flask`	Undocumented
session:`SessionMixin`	Undocumented
Returns
`bool`	Undocumented

pickle_based: bool =

Undocumented