Session Basics

Sessions are the most complicated topic covered in this series of examples, and because of that it is going to take a few examples to cover all of the different aspects. This first example demonstrates the very basics of the Twisted Web session API: how to get the session object for the current request and how to prematurely expire a session.

Before diving into the APIs, let’s look at the big picture of sessions in Twisted Web. Sessions are represented by instances of Session . The Site creates a new instance of Session the first time an application asks for it for a particular session. Session instances are kept on the Site instance until they expire (due to inactivity or because they are explicitly expired). Each time after the first that a particular session’s Session object is requested, it is retrieved from the Site .

With the conceptual underpinnings of the upcoming API in place, here comes the example. This will be a very simple rpy script which tells a user what its unique session identifier is and lets it prematurely expire the session.

First, we’ll import Resource so we can define a couple of subclasses of it:

from twisted.web.resource import Resource

Next we’ll define the resource which tells the client what its session identifier is. This is done easily by first getting the session object using Request.getSession and then getting the session object’s uid attribute:

class ShowSession(Resource):
    def render_GET(self, request):
        return b'Your session id is: ' + request.getSession().uid

To let the client expire its own session before it times out, we’ll define another resource which expires whatever session it is requested with. This is done using the Session.expire method:

class ExpireSession(Resource):
    def render_GET(self, request):
        request.getSession().expire()
        return b'Your session has been expired.'

Finally, to make the example an rpy script, we’ll make an instance of ShowSession and give it an instance of ExpireSession as a child using Resource.putChild :

resource = ShowSession()
resource.putChild(b"expire", ExpireSession())

And that is the complete example. You can fire this up and load the top page. You’ll see a (rather opaque) session identifier that remains the same across reloads (at least until you flush the TWISTED_SESSION cookie from your browser or enough time passes). You can then visit the expire child and go back to the top page and see that you have a new session.

Here’s the complete source for the example:

from twisted.web.resource import Resource

class ShowSession(Resource):
    def render_GET(self, request):
        return b'Your session id is: ' + request.getSession().uid

class ExpireSession(Resource):
    def render_GET(self, request):
        request.getSession().expire()
        return b'Your session has been expired.'

resource = ShowSession()
resource.putChild(b"expire", ExpireSession())