Sessions are the most complicated topic covered in this series of examples, and because of that it is going to take a few examples to cover all of the different aspects. This first example demonstrates the very basics of the Twisted Web session API: how to get the session object for the current request and how to prematurely expire a session.
Before diving into the APIs, let’s look at the big picture of
sessions in Twisted Web. Sessions are represented by instances
of Session . The Site creates a new instance
of Session the first time an application asks for it for
a particular session. Session instances are kept on
the Site instance until they expire (due to inactivity or
because they are explicitly expired). Each time after the first that a
particular session’s Session object is requested, it is
retrieved from the Site .
With the conceptual underpinnings of the upcoming API in place, here comes the example. This will be a very simple rpy script which tells a user what its unique session identifier is and lets it prematurely expire the session.
First, we’ll import Resource so we can define a couple of subclasses of it:
from twisted.web.resource import Resource
Next we’ll define the resource which tells the client what its session identifier is. This is done easily by first getting the session object using Request.getSession and then getting the session object’s uid attribute:
class ShowSession(Resource):
    def render_GET(self, request):
        return 'Your session id is: ' + request.getSession().uid
To let the client expire its own session before it times out, we’ll define another resource which expires whatever session it is requested with. This is done using the Session.expire method:
class ExpireSession(Resource):
    def render_GET(self, request):
        request.getSession().expire()
        return 'Your session has been expired.'
Finally, to make the example an rpy script, we’ll make an instance
of ShowSession and give it an instance
of ExpireSession as a child using Resource.putChild :
resource = ShowSession()
resource.putChild("expire", ExpireSession())
And that is the complete example. You can fire this up and load the top
page. You’ll see a (rather opaque) session identifier that remains the same
across reloads (at least until you flush the TWISTED_SESSION cookie
from your browser or enough time passes). You can then visit
the expire child and go back to the top page and see that you have
a new session.
Here’s the complete source for the example:
from twisted.web.resource import Resource
class ShowSession(Resource):
    def render_GET(self, request):
        return 'Your session id is: ' + request.getSession().uid
class ExpireSession(Resource):
    def render_GET(self, request):
        request.getSession().expire()
        return 'Your session has been expired.'
resource = ShowSession()
resource.putChild("expire", ExpireSession())