-1

KBsession stores the session TTL based on PERMANENT_SESSION_LIFETIME is there a way to override this for specific sessions

EDIT: so I have two different API for login I need to give any user login from one of them an infinite session TTL, the other one will take PERMANENT_SESSION_LIFETIME value note: KBsession back-end is redis

Zaid Direya
  • 611
  • 2
  • 8
  • 19

1 Answers1

0

I think the best way is use Session Interface to create specific processing. This is just an example, but I hope you can understand approach. 

from flask import Flask, session as flask_session, jsonify

flask_app = Flask(__name__)
# just a few user types
UNIQUE_USER_TYPE = 'unique'
DEFAULT_USER_TYPE = 'default'

@flask_app.route('/login-default')
def login_default():
    flask_session['user_type'] = DEFAULT_USER_TYPE
    return 'login default done'

@flask_app.route('/login-unique')
def login_unique():
    flask_session['user_type'] = UNIQUE_USER_TYPE
    return 'login unique done'

@flask_app.route('/session-state')
def get_session_state():
    return jsonify(dict(flask_session))


class UserTypeSessionInterface(SecureCookieSessionInterface):

    def get_expiration_time(self, app, session):
        """
        I just override method. Just demonstration.
        It's called from save_session() and open_session()
        """
        if session.get('user_type') == UNIQUE_USER_TYPE:
            # set 1 hour for unique users
            delta = datetime.utcnow() + timedelta(hours=1)
        else:
            # set 3 hour for default users
            delta = datetime.utcnow() + timedelta(hours=3)
        # add datetime data into session
        session['lifetime'] = delta.strftime('%Y-%m-%dT%H:%M:%S')
        return delta
# use our custom session implementation
flask_app.session_interface = UserTypeSessionInterface()

Now run server, open new private window, /login-default and /session-state:

# default behaviour
{
  "lifetime": "2018-11-06T16:22:21", 
  "user_type": "default"
}

Open one more private window, /login-unique and /session-state:

# unique behaviour
{
   "lifetime": "2018-11-06T14:25:17", 
   "user_type": "unique"
}

So, session store tool doesn't matter(redis, cassandra or something else). All what you need is just implement open_session() and save_session():

class YourSessionProcessor(SessionInterface):

    def open_session(self, app, request):
        # just do here all what you need
        pass

    def save_session(self, app, session, response):
        # just do here all what you need
        pass

flask_app.session_interface = YourSessionProcessor()

Also you can use custom session class(just an example):

from flask.sessions import SessionMixin
from werkzeug.datastructures import CallbackDict

class CustomSession(CallbackDict, SessionMixin):

    def __init__(self, initial=None, sid=None):
        def on_update(self):
            self.modified = True

        CallbackDict.__init__(self, initial, on_update=on_update)
        self.sid = sid
        self.modified = False

# YourSessionProcessor
def open_session(self, app, request):
    # you can find any useful data in request
    # you can find all settings in app.config
    sid = request.cookies.get(app.session_cookie_name)
    # ... do here everything what you need
    return CustomSession(sid=sid)

Hope this helps.

Danila Ganchar
  • 10,266
  • 13
  • 49
  • 75