
I am using the pyramid framework with beaker as a back-end for session management, and I want to store a session_id within a signed cookie. The session-id is associated with a real user_id, and the association mappings will be stored in something like redis. Can I simply use the configuration below to achieve this? The documentation doesn't provide a full implementation and only shows an example using an unsecure session factory.

Here is my configuration file, redacted to session details:

session.type = cookie
session.data_dir = %(here)s/data/sessions/data
session.lock_dir = %(here)s/data/sessions/lock
session.key = session_key
session.secret = as98&$Hh94
session.cookie_on_exception = true

Here is my __init__.py:

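from pyramid.config import Configurator


def main(global_config, **settings):
    # Standard Pyramid application factory; settings come from the .ini file above.
    config = Configurator(settings=settings)
    config.include('pyramid_jinja2')
    config.include('pyramid_beaker')  # reads the session.* settings
    config.include('.models')
    config.include('.routes')
    config.include('polatick.models')
    config.scan()
    return config.make_wsgi_app()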

Do I simply use the forget and remember functions in pyramid to do this properly?

I was thinking of the process going something along the lines of something simple like this:

if user_authenticates():
   session_id = create_session_id()
   redis.put_entry(session_id, user_id)
   request.session['session_id'] = session_id
   headers = remember(request, login)
   return HTTPFound('/', headers=headers)

I've been following this documentation:
http://docs.pylonsproject.org/projects/pyramid_cookbook/en/latest/pylons/sessions.html

Wilfred Hughes
Jaigus

1 Answer


The Pyramid Community Cookbook is not official documentation. It is a collection of user-contributed recipes. That one in particular is targeted toward users of the web framework Pylons who are migrating solutions to Pyramid.

Instead you should look at the official documentation on Sessions. This provides session implementation out of the box, and allows you to implement your own session factory.

Following that, there is an implementation of sessions with authentication (and later on with authorization) in the wiki tutorial.

pyramid_nacl_session defines an encrypting, pickle-based cookie serializer, using PyNaCl to generate the symmetric encryption for the cookie state.

There is also pyramid_redis_sessions, a Pyramid add-on, which implements Pyramid's ISession interface, using Redis as its backend.

Finally, for a list of packages that provide sessions, authorization, or authentication, see Try Pyramid - Extending Pyramid.

Steve Piercy
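The mechanism the question describes (a signed cookie that carries only a session id, with the id-to-user mapping held server-side) looks like this in standard-library Python. This is an added example, not code from the question, the answer, Pyramid or Beaker; the in-memory `SESSIONS` dict stands in for Redis, and every name in it is hypothetical.

```python
import base64
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: 32 random bytes generated per deployment
SESSIONS = {}                     # stand-in for Redis: session_id -> (user_id, expires_at)
TTL = 3600                        # session lifetime in seconds (constructed value)


def _sign(session_id):
    """HMAC-SHA256 over the session id, URL-safe base64 encoded."""
    mac = hmac.new(SECRET, session_id.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def login(user_id, now=None):
    """Create the server-side entry and return the signed cookie value."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # unguessable id, contains no "."
    SESSIONS[session_id] = (user_id, now + TTL)
    return session_id + "." + _sign(session_id)


def user_for_cookie(cookie, now=None):
    """Return the user_id for a valid, unexpired cookie, else None."""
    now = time.time() if now is None else now
    session_id, sep, sig = cookie.partition(".")
    # Check the signature in constant time before touching the store.
    if not sep or not hmac.compare_digest(sig.encode(), _sign(session_id).encode()):
        return None
    entry = SESSIONS.get(session_id)
    if entry is None:
        return None
    user_id, expires_at = entry
    if now >= expires_at:
        SESSIONS.pop(session_id, None)  # expire server-side as well
        return None
    return user_id


def logout(cookie):
    """Drop the server-side entry; the cookie is useless afterwards."""
    if user_for_cookie(cookie) is not None:
        SESSIONS.pop(cookie.partition(".")[0], None)
```

The cookie never contains the user id, and logout takes effect server-side even if the client keeps replaying the old cookie.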