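def save_session(self, app, session, response):
    """Persist the session and return its id in the ``x-session-id`` header.

    Arguments:
        app -- (Flask) the Flask application
        session -- (Session) the session object
        response -- (Response) the outgoing response object

    A falsy session is ignored: nothing is stored and no header is set.
    Otherwise the session is written through ``SessionTable.newSession``
    with a new expiration. The one exception is a request flagged as a
    "session check" for a session that already exists: the stored timeout
    is reused, so a status poll does not extend the session's lifetime.
    """
    if not session:
        return

    # Ask for the expiration once and reuse the answer, so the value that is
    # tested is the same value that gets stored.
    expiration = self.get_expiration_time(app, session)
    if not expiration:
        check_only = (
            "session_check" in session
            and session["session_check"]
            and SessionTable.doesSessionExist(session.sid)
        )
        if check_only:
            # This is just a session check, don't extend the expiration time.
            expiration = SessionTable.getTimeout(session.sid)
            # Make sure the next route call is not counted as a session check.
            session["session_check"] = False
        else:
            expiration = datetime.utcnow() + timedelta(
                seconds=SessionTable.TIME_OUT_LIMIT)

    # Bind the session to an identifier on first save; isSessionSecure-style
    # checks compare against this value later.
    if "_uid" not in session:
        session["_uid"] = _create_identifier()
    SessionTable.newSession(session.sid, session, expiration)

    # Every SESSSION_CLEAR_COUNT_LIMIT-th save also purges sessions via
    # SessionTable.clearSessions(), after which the counter restarts at 1.
    # NOTE(review): this is a plain read-modify-write on a class attribute;
    # no locking is visible in this block.
    DynamoInterface.CountLimit = DynamoInterface.CountLimit + 1
    if DynamoInterface.CountLimit % DynamoInterface.SESSSION_CLEAR_COUNT_LIMIT == 0:
        SessionTable.clearSessions()
        DynamoInterface.CountLimit = 1

    # Return the session ID as header x-session-id.
    # NOTE(review): the id travels in a response header rather than in an
    # HttpOnly cookie, so the client has to store it itself -- confirm how
    # callers protect it.
    response.headers["x-session-id"] = session.sid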
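def save_session(self, app, session, response):
    """Persist the session and set (or delete) the session cookie.

    Arguments:
        app -- (Flask) the Flask application
        session -- (Session) the session object
        response -- (Response) the outgoing response object

    A falsy session deletes the session cookie and stores nothing.
    Otherwise the session is written through ``SessionTable.newSession``
    with a new expiration and the cookie is re-issued with the session id.
    """
    domain = self.get_cookie_domain(app)
    if not session:
        response.delete_cookie(app.session_cookie_name, domain=domain)
        return

    # Evaluate the configured expiration once. It is used both as the stored
    # expiration (when set) and as the cookie's ``expires`` value.
    cookie_expires = self.get_expiration_time(app, session)
    # Fall back to the fixed time-out limit when no expiration is configured.
    # The fallback applies to the stored session only; the cookie keeps
    # ``cookie_expires`` exactly as returned above.
    expiration = cookie_expires or (
        datetime.utcnow() + timedelta(seconds=SessionTable.TIME_OUT_LIMIT)
    )

    # Bind the session to an identifier on first save.
    if "_uid" not in session:
        session["_uid"] = _create_identifier()
    SessionTable.newSession(session.sid, session, expiration)

    # Every SESSSION_CLEAR_COUNT_LIMIT-th save also purges sessions via
    # SessionTable.clearSessions(), after which the counter restarts at 1.
    DynamoInterface.CountLimit = DynamoInterface.CountLimit + 1
    if DynamoInterface.CountLimit % DynamoInterface.SESSSION_CLEAR_COUNT_LIMIT == 0:
        SessionTable.clearSessions()
        DynamoInterface.CountLimit = 1

    # The cookie carries the raw session id, so it should not be sent over
    # plain HTTP when the deployment is configured for HTTPS-only cookies.
    # get_cookie_secure() is the Flask SessionInterface accessor for
    # SESSION_COOKIE_SECURE; this assumes the class derives from
    # SessionInterface, as its use of get_cookie_domain() suggests -- confirm.
    response.set_cookie(
        app.session_cookie_name,
        session.sid,
        expires=cookie_expires,
        httponly=True,
        secure=self.get_cookie_secure(app),
        domain=domain,
    )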
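def save_session(self, app, session, response):
    """Store the session server-side and refresh the session cookie.

    Arguments:
        app -- (Flask) the Flask application
        session -- (Session) the session object
        response -- (Response) the outgoing response object

    When the session is falsy the session cookie is deleted and nothing is
    saved. Otherwise the session is saved with an extended expiration and
    the cookie is set again with the session id.
    """
    cookie_domain = self.get_cookie_domain(app)
    if not session:
        response.delete_cookie(app.session_cookie_name, domain=cookie_domain)
        return

    # One call instead of three: the same value decides the branch, is
    # stored, and is handed to the cookie as ``expires``.
    configured_expiry = self.get_expiration_time(app, session)
    if configured_expiry:
        expiration = configured_expiry
    else:
        # No configured expiration: use the fixed time-out limit. This
        # fallback is stored with the session but is not applied to the
        # cookie.
        expiration = datetime.utcnow() + timedelta(
            seconds=SessionTable.TIME_OUT_LIMIT)

    # First save of this session: attach the identifier that later checks
    # compare against.
    if "_uid" not in session:
        session["_uid"] = _create_identifier()
    SessionTable.newSession(session.sid, session, expiration)

    # Periodic clean-up: once the counter reaches a multiple of
    # SESSSION_CLEAR_COUNT_LIMIT, sessions are cleared and it restarts at 1.
    DynamoInterface.CountLimit = DynamoInterface.CountLimit + 1
    if DynamoInterface.CountLimit % DynamoInterface.SESSSION_CLEAR_COUNT_LIMIT == 0:
        SessionTable.clearSessions()
        DynamoInterface.CountLimit = 1

    # httponly stays hard-coded. The Secure attribute follows the app's
    # SESSION_COOKIE_SECURE setting, so an HTTPS-only deployment does not
    # send the session id over plain HTTP.
    # NOTE(review): get_cookie_secure() is inherited from Flask's
    # SessionInterface; confirm this class subclasses it.
    response.set_cookie(
        app.session_cookie_name,
        session.sid,
        expires=configured_expiry,
        httponly=True,
        secure=self.get_cookie_secure(app),
        domain=cookie_domain,
    )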
def resetID(session):
    """Replace the session's ``_uid`` with a newly created identifier.

    Arguments:
        session -- (Session) the session object

    Used when the session has become invalid. Any previous ``_uid`` is
    overwritten.
    """
    fresh_uid = _create_identifier()
    session["_uid"] = fresh_uid
def isSessionSecure(session):
    """Check whether the caller is the one who created the session.

    Arguments:
        session -- (Session) the session object

    Returns True only when the session has a ``_uid`` and it equals the
    identifier computed for the current call. Returns False otherwise,
    including when no ``_uid`` is stored.
    """
    # A session that was never given an identifier is not trusted.
    if "_uid" not in session:
        return False
    # NOTE(review): the strength of this check depends on what
    # _create_identifier() derives its value from, which is not visible here.
    if session["_uid"] == _create_identifier():
        return True
    return False
def isSessionSecure(session):
    """Tell whether the session belongs to the caller that created it.

    Arguments:
        session -- (Session) the session object

    The stored ``_uid`` is compared with a freshly created identifier.
    A missing ``_uid`` or a mismatch both yield False.
    """
    has_uid = "_uid" in session
    # The identifier is only recomputed when there is a stored value to
    # compare it with.
    if has_uid and session["_uid"] == _create_identifier():
        return True
    return False
def create_identifier_json_serializeable(app):
    """Assert that the result of ``_create_identifier()`` can be JSON-encoded.

    ``app`` is accepted but not used in this function. ``json.dumps`` raises
    if the identifier cannot be serialized; otherwise the encoded result is
    asserted to be a string.
    """
    encoded = json.dumps(_create_identifier())
    assert isinstance(encoded, basestring)