Sessions are the most complicated topic covered in this series of examples, and because of that it is going to take a few examples to cover all of the different aspects. This first example demonstrates the very basics of the Twisted Web session API: how to get the session object for the current request and how to prematurely expire a session.
Before diving into the APIs, let’s look at the big picture of
sessions in Twisted Web. Sessions are represented by instances
Session . The
Site creates a new instance
Session the first time an application asks for it for
a particular session.
Session instances are kept on
Site instance until they expire (due to inactivity or
because they are explicitly expired). Each time after the first that a
Session object is requested, it is
retrieved from the
With the conceptual underpinnings of the upcoming API in place, here comes the example. This will be a very simple rpy script which tells a user what its unique session identifier is and lets it prematurely expire the session.
First, we’ll import
Resource so we can define a couple of
subclasses of it:
from twisted.web.resource import Resource
Next we’ll define the resource which tells the client what its session
identifier is. This is done easily by first getting the session object
then getting the session object’s uid attribute:
class ShowSession(Resource): def render_GET(self, request): return b'Your session id is: ' + request.getSession().uid
To let the client expire its own session before it times out, we’ll define
another resource which expires whatever session it is requested with. This is
done using the
class ExpireSession(Resource): def render_GET(self, request): request.getSession().expire() return b'Your session has been expired.'
Finally, to make the example an rpy script, we’ll make an instance
ShowSession and give it an instance
ExpireSession as a child using
resource = ShowSession() resource.putChild(b"expire", ExpireSession())
And that is the complete example. You can fire this up and load the top
page. You’ll see a (rather opaque) session identifier that remains the same
across reloads (at least until you flush the
from your browser or enough time passes). You can then visit
expire child and go back to the top page and see that you have
a new session.
Here’s the complete source for the example:
from twisted.web.resource import Resource class ShowSession(Resource): def render_GET(self, request): return b'Your session id is: ' + request.getSession().uid class ExpireSession(Resource): def render_GET(self, request): request.getSession().expire() return b'Your session has been expired.' resource = ShowSession() resource.putChild(b"expire", ExpireSession())