Middleware

class redsession.ServerSessionMiddleware(app, backend, secret_key, session_length=16, name_cookie='s', max_age=604800, path='/', domain=None, same_site='lax', https_only=False)

Bases: object

This class implements middleware for working with sessions on the server side.

Parameters:
  • app (ASGIApp) – The ASGI application.

  • backend (BaseAsyncBackend) – The backend to store the session data asynchronously.

  • secret_key (Iterable | str) – A secret key used for signing session data. If a list of strings is provided, the first element will be used for signing, and others for verification (useful for key rotation).

  • session_length (int, optional) – Session length without hex conversion and without signature. Default is 16.

  • name_cookie (str, optional) – The name of the session cookie. Default is “s”.

  • max_age (int, optional) – The maximum age of the session, in seconds. Default is 604800 (7 days). If set to 0 or None, the session will not expire (not recommended).

  • path (str, optional) – The path for which the session cookie is valid. Default is “/”.

  • domain (str | None, optional) – The domain for which the session cookie is valid. Default is None.

  • same_site (Literal["lax", "strict", "none"], optional) – The SameSite attribute for the session cookie. Must be one of “lax”, “strict”, or “none”. Default is “lax”.

  • https_only (bool, optional) – If True, the “secure” flag will be added to the session cookie, making it accessible only over HTTPS. Default is False.

Attention

If you want to change the session length, read the OWASP Cheat Sheet before doing so.

It is also worth knowing that reducing the session length may cause sessions to be repeated (Redis does not store the session signature).
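The sign-with-first, verify-with-any behaviour described for secret_key, together with the effect of session_length on the size of the ID, as an added illustration using only the Python standard library. It is not redsession's own code: the HMAC-SHA256 construction, the "id.signature" cookie layout, the reading of session_length as a count of random bytes, and all function names are assumptions.

```python
import hashlib
import hmac
import secrets


def _keys(secret_key):
    # Accept a single string or an iterable of strings, as the parameter does.
    return [secret_key] if isinstance(secret_key, str) else list(secret_key)


def _mac(key, session_id):
    # Assumed construction: HMAC-SHA256 over the hex session ID.
    return hmac.new(key.encode(), session_id.encode(), hashlib.sha256).hexdigest()


def new_session_id(session_length=16):
    # Assumption: session_length counts random bytes; hex doubles the characters.
    return secrets.token_hex(session_length)


def sign(session_id, secret_key):
    # Only the first key signs new cookies.
    return f"{session_id}.{_mac(_keys(secret_key)[0], session_id)}"


def verify(cookie_value, secret_key):
    """Return (session_id, needs_resign), or None if no configured key matches."""
    session_id, sep, signature = cookie_value.rpartition(".")
    if not sep or not session_id:
        return None
    for index, key in enumerate(_keys(secret_key)):
        # Compare bytes in constant time; bytes also tolerate non-ASCII input.
        if hmac.compare_digest(_mac(key, session_id).encode(), signature.encode()):
            return session_id, index > 0
    return None


if __name__ == "__main__":
    # Constructed keys for the demonstration only.
    old_key, new_key = "constructed-old-key", "constructed-new-key"
    sid = new_session_id()
    issued_before_rotation = sign(sid, old_key)
    print(len(sid), verify(issued_before_rotation, [new_key, old_key]))
    print(verify(issued_before_rotation, [new_key]))
```

A cookie that verifies only under an older key can be re-signed with the current key on the next response, which lets the old key be removed from the list once max_age has elapsed.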

Note

If you have any questions about the use of cookie settings, please refer to the Mozilla documentation.

Examples

Working examples are available here:

FastAPI

Starlette