quart.sessions module

class quart.sessions.SecureCookieSessionInterface

Bases: SessionInterface

A Session interface that uses cookies as storage.

This will store the data on the cookie in plain text, but with a signature to prevent modification.

static digest_method(string=b'', *, usedforsecurity=True)

Returns a sha1 hash object; optionally initialized with a string

get_signing_serializer(app: Quart) → URLSafeTimedSerializer | None

Return a serializer for the session that also signs data.

This will return None if the app is not configured for secrets.

key_derivation = 'hmac'

async open_session(app: Quart, request: BaseRequestWebsocket) → SecureCookieSession | None

Open a secure cookie based session.

This will return None if a signing serializer is not available, usually if the config SECRET_KEY is not set.

salt = 'cookie-session'

async save_session(app: Quart, session: SessionMixin, response: Response | WerkzeugResponse | None) → None

Saves the session to the response in a secure cookie.

serializer = <flask.json.tag.TaggedJSONSerializer object>

session_class

alias of SecureCookieSession

class quart.sessions.SessionInterface

Bases: object

Base class for session interfaces.

null_session_class

Storage class for null (no storage) sessions.

pickle_based

Indicates if pickling is used for the session.

get_cookie_domain(app: Quart) → str | None

Helper method to return the Cookie Domain for the App.

get_cookie_httponly(app: Quart) → bool

Helper method to return if the Cookie should be HTTPOnly for the App.

get_cookie_name(app: Quart) → str

Helper method to return the Cookie Name for the App.

get_cookie_path(app: Quart) → str

Helper method to return the Cookie path for the App.

get_cookie_samesite(app: Quart) → str

Helper method to return the Cookie Samesite configuration for the App.

get_cookie_secure(app: Quart) → bool

Helper method to return if the Cookie should be Secure for the App.

get_expiration_time(app: Quart, session: SessionMixin) → datetime | None

Helper method to return the Session expiration time.

If the session is not ‘permanent’ it will expire as and when the browser stops accessing the app.

is_null_session(instance: object) → bool

Returns True is the instance is a null session.

async make_null_session(app: Quart) → NullSession

Create a Null session object.

This is used in replacement of an actual session if sessions are not configured or active.

null_session_class

alias of NullSession

async open_session(app: Quart, request: BaseRequestWebsocket) → SessionMixin | None

Open an existing session from the request or create one.

Returns:

The Session object or None if no session can be created, in which case the null_session_class is expected to be used.

pickle_based = False

async save_session(app: Quart, session: SessionMixin, response: Response | WerkzeugResponse | None) → None

Save the session argument to the response.

Parameters:

response – Can be None if the session is being saved after a websocket connection closes.

Returns:

The modified response, with the session stored.

should_set_cookie(app: Quart, session: SessionMixin) → bool

Helper method to return if the Set Cookie header should be present.

This triggers if the session is marked as modified or the app is configured to always refresh the cookie.