joerussbowman / asyncmongo-sessions
A sessions library for Tornado using AsyncMongo
AsyncmongoSession class, used to manage persistence across multiple requests. Uses a MongoDB backend and cookies. This library is designed for use with Tornado.

Built on top of asyncmongo by bit.ly - https://github.com/bitly/asyncmongo

The decorator is written to be completely asynchronous and not block.

There are also some built-in security features for the session. Only a token is stored as a cookie; all data is stored in MongoDB. The token rotates on a schedule you can define. By default a token is valid for 5 seconds, with the 3 most recent tokens being considered valid. This helps lessen the risks associated with session fixation for non-SSL connections. Because of this the library will be more write heavy than standard session implementations.

The session is added as a session property to your request handler, i.e. self.session. It can be manipulated as you would any dictionary object.

Included with the library is a settings file, configured for default permissions. Some of the more advanced tuning you can do is with token expiration. In order to create some additional security for sessions used in a non-SSL environment, the token stored in the browser rotates. If you are using SSL, or are more interested in performance than security, you can set SESSION_TOKEN_TTL to an extremely high number to avoid writes.

Note: In an effort to increase performance, all writes are delayed until after the request method has completed.

Example:

    @tornado.web.asynchronous
    @asyncmongosession
    def get(self):
        if self.session.has_key("test"):
            self.session["test"] += 1
        else:
            self.session["test"] = 0
        self.render("index.html", session=self.session)

IMPORTANT: If using the asynchronous wrapper from Tornado you must wrap the asyncmongosession with it, not the other way around. Otherwise it will error and not render because the request finish method will be called multiple times.

TODO: Support signed cookie data as session data. In instances where the session data doesn't need to be protected, such as anonymous users, it would be beneficial to not have any read/write processes happening to the database.
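The rotation scheme the README describes (a short token TTL with the 3 most recent tokens accepted) can be modelled as follows. This is an added example, not the library's own code: the class, the `SESSION_TOKENS_KEPT` name, the in-memory storage and the choice to rotate only when a valid request arrives are assumptions made for illustration.

```python
import hmac
import secrets

SESSION_TOKEN_TTL = 5      # seconds a token stays current (the README's default)
SESSION_TOKENS_KEPT = 3    # hypothetical name: how many recent tokens stay valid


class RotatingTokenSession:
    """In-memory stand-in for one session record (assumption: the real
    library keeps its session state in MongoDB)."""

    def __init__(self, now):
        self.data = {}
        self.tokens = [secrets.token_urlsafe(32)]   # newest token is last
        self.rotated_at = now

    def accepts(self, presented):
        # Compare against every retained token in constant time.
        return any(hmac.compare_digest(presented, t) for t in self.tokens)

    def touch(self, presented, now):
        """Validate a request's cookie token. Returns the token to set in the
        response cookie, or None if the token is unknown or has aged out."""
        if not self.accepts(presented):
            return None
        if now - self.rotated_at >= SESSION_TOKEN_TTL:
            # Rotation costs a write: the "write heavy" trade-off in the README.
            self.tokens.append(secrets.token_urlsafe(32))
            self.tokens = self.tokens[-SESSION_TOKENS_KEPT:]
            self.rotated_at = now
        return self.tokens[-1]


def replay_demo():
    """Constructed timeline: is the token issued at t=0 still accepted after
    each legitimate request at t=1, 6, 12 and 18 seconds?"""
    session = RotatingTokenSession(now=0)
    captured = current = session.tokens[0]
    results = []
    for t in (1, 6, 12, 18):
        current = session.touch(current, now=t)
        results.append((t, session.accepts(captured)))
    return results
```

In this model the first token is still accepted after two rotations and is rejected only after the third, so rotation narrows the window in which a captured cookie is usable rather than closing it.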
Hello,

I use custom args in the URL, for example:

    (r"/(\w+)", MainHandler)

    class MainHandler:
        @asyncmongosession
        @gen.engine
        def get(self, who):
            print who

The asyncmongo session decorator does not send these args to the function.
The current implementation won't work for any asynchronous methods. It's because it calls the method and then immediately tries to save the function. I need to figure out how to wrap the method call.
Session is writing headers, like set cookie, to the request method. Because of this it breaks redirect.
Commit 0c2cb8f has an ugly hack in it.
The problem is I found that on some requests, notably a post in the case where I was able to produce it, finish was getting called early. It appeared to get called during the db lookup where _validate_session was the callback. Testing showed that finish was getting called even before _validate_session was called, so somehow on that read from MongoDB. I don't see any reference to finish method in asyncmongo at all. Not sure what's going on there.
Later I may try to come up with a solid test case I can post code for reproducing. Right now a workaround is in place and I may just leave it so I can get back to work prototyping the application I started building this session library for.