With Flask Session Plus you can use multiple different backends and choose what session variables are saved on what backend.
It works on python >= 3.4 For the moment it should work on python 2.7 but it is not tested yet. If something does not work properly please open a bug report.
pip install flask-session-plus
For Flask Multi Session to work, all you have to do is define all your sessions on a simple configuration variable called SESSION_CONFIG
, and init the extension.
# example using the Google Firestore backend
from google.cloud import firestore
SESSION_CONFIG = [
# First session will store the csrf_token only on it's own cookie.
{
'cookie_name': 'csrf',
'session_type': 'secure_cookie',
'session_fields': ['csrf_token'],
},
# Second session will store the user logged in inside the firestore sessions collection.
{
'cookie_name': 'session',
'session_type': 'firestore',
'session_fields': ['user_id', 'user_data'],
'client': firestore.Client(),
'collection': 'sessions',
},
# Third session will store any other values set on the Flask session on it's own secure cookie
{
'cookie_name': 'data',
'session_type': 'secure_cookie',
'session_fields': 'auto'
},
# ... as many sessions as you want
]
Caution: session_fields can collide if they have the same name and the same meaning. If they don't have the same meaning, you must use different field names.
The above configuration will define three session interfaces:
After configuring just register it as an extension:
from flask_session_plus import Session
app = Flask(__name__)
Session(app)
or
from flask_session_plus import Session
app = Flask(__name__)
session = Session()
session.init_app(app)
'secure_cookie'
)'firestore'
)'redis'
)'mongodb'
)'memcache'
)More Backend Session Interfaces can be created by subclassing BackendSessionInterface
and overwriting the following methods:
__init__
open_session
save_session
Common properties for all backends:
Property name | Required | Default | Description |
---|---|---|---|
cookie_name |
True |
The name of the cookie to use. It also serves as a key for different sessions. | |
session_type |
False |
'secure_cookie' |
The session backend to use. |
session_fields |
False |
[] |
The fields that are owned by this session. An empty list means: 'include all fields'. It can be: 1) an array of fields to include, 2) a dict with the keys 'include' or 'exclude', to include or exclude a list of fields or 3) the string 'auto' to auto exclude all the other session fields. |
Properties for SecureCookie (available for all backends):
Property name | Required | Default | Description |
---|---|---|---|
cookie_domain |
False |
The domain for the session cookie. If this is not set, the cookie will be valid for all subdomains of SERVER_NAME.. | |
cookie_path |
False |
The path for the session cookie. If this is not set the cookie will be valid for all of APPLICATION_ROOT or if that is not set for '/'. | |
cookie_httponly |
False |
True |
Whether to allow access the cookie only over http or other ways (javascript). |
cookie_secure |
False |
False |
Whether to serve this cookie over https only. |
cookie_max_age |
False |
None |
The cookie expiration time in seconds. None means the cookie will expire at browser close. |
cookie_samesite |
False |
'Lax' |
The cookie samesite configuration. |
Properties available for any other backend rather than SecureCookie:
Property name | Required | Default | Description |
---|---|---|---|
session_lifetime |
False |
timedelta(days=1) |
The duration for a valid session. Not used on SecureCookie backend. |
session_permanent_lifetime |
False |
timedelta(days=31) |
The duration for a valid session when it's marked as permanent. Not used on SecureCookie backend. |
key_prefix |
False |
'session' |
The prefix to use in the store_id. |
use_signer |
False |
False |
Whether to sign the session id cookie or not. |
Properties available for the Google Firestore backend:
Property name | Required | Default | Description |
---|---|---|---|
client |
True |
The engine. An instance of firestore.Client. | |
collection |
True |
The firestore collection you want to use to store sessions. |
Properties available for the Redis backend:
Property name | Required | Default | Description |
---|---|---|---|
client |
True |
The engine. An instance of redis.Redis. |
Properties available for the MongoDB backend:
Property name | Required | Default | Description |
---|---|---|---|
client |
True |
The engine. An instance of redis.Redis. | |
db |
True |
The database you want to use. | |
collection |
True |
The mongodb collection you want to use to store sessions. |
Properties available for the Memcache backend:
Property name | Required | Default | Description |
---|---|---|---|
client |
True |
The engine. An instance of memcache.Client. |