Session Basics¶
Sessions are the most complicated topic covered in this series of examples, and because of that it is going to take a few examples to cover all of the different aspects. This first example demonstrates the very basics of the Twisted Web session API: how to get the session object for the current request and how to prematurely expire a session.
Before diving into the APIs, let’s look at the big picture of
sessions in Twisted Web. Sessions are represented by instances
of Session
. The Site
creates a new instance
of Session
the first time an application asks for it for
a particular session. Session
instances are kept on
the Site
instance until they expire (due to inactivity or
because they are explicitly expired). Each time after the first that a
particular session’s Session
object is requested, it is
retrieved from the Site
.
With the conceptual underpinnings of the upcoming API in place, here comes the example. This will be a very simple rpy script which tells a user what its unique session identifier is and lets it prematurely expire the session.
First, we’ll import Resource
so we can define a couple of
subclasses of it:
from twisted.web.resource import Resource
Next we’ll define the resource which tells the client what its session
identifier is. This is done easily by first getting the session object
using Request.getSession
and
then getting the session object’s uid attribute:
class ShowSession(Resource):
def render_GET(self, request):
return b'Your session id is: ' + request.getSession().uid
To let the client expire its own session before it times out, we’ll define
another resource which expires whatever session it is requested with. This is
done using the Session.expire
method:
class ExpireSession(Resource):
def render_GET(self, request):
request.getSession().expire()
return b'Your session has been expired.'
Finally, to make the example an rpy script, we’ll make an instance
of ShowSession
and give it an instance
of ExpireSession
as a child using Resource.putChild
:
resource = ShowSession()
resource.putChild(b"expire", ExpireSession())
And that is the complete example. You can fire this up and load the top
page. You’ll see a (rather opaque) session identifier that remains the same
across reloads (at least until you flush the TWISTED_SESSION
cookie
from your browser or enough time passes). You can then visit
the expire
child and go back to the top page and see that you have
a new session.
Here’s the complete source for the example:
from twisted.web.resource import Resource
class ShowSession(Resource):
def render_GET(self, request):
return b'Your session id is: ' + request.getSession().uid
class ExpireSession(Resource):
def render_GET(self, request):
request.getSession().expire()
return b'Your session has been expired.'
resource = ShowSession()
resource.putChild(b"expire", ExpireSession())