The basic interface you have to implement in order to replace the default session interface, which uses werkzeug's securecookie implementation. The only methods you have to implement are `open_session` and `save_session`; the others have useful defaults which you don't need to change.
Attributes
| Attribute | Type | Description |
|---|---|---|
| null_session_class | type = NullSession | The class that should be created when a null session is requested by make_null_session or checked by is_null_session. |
| pickle_based | bool = False | A flag that indicates if the session interface is pickle based, used by Flask extensions to decide how to deal with the session object. |
Constructor
Signature
Methods
make_null_session()
@classmethod
def make_null_session(
app: [Flask](../app/flask.md?sid=src_flask_app_flask)
) -> [NullSession](nullsession.md?sid=src_flask_sessions_nullsession)
Creates a null session which acts as a replacement object if the real session support could not be loaded due to a configuration error. This mainly aids the user experience because the job of the null session is to still support lookup without complaining but modifications are answered with a helpful error message of what failed.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance used to access configuration for the null session. |
Returns
| Type | Description |
|---|---|
| [NullSession](nullsession.md?sid=src_flask_sessions_nullsession) | An instance of the null session class that provides a safe fallback for session operations. |
is_null_session()
@classmethod
def is_null_session(
obj: object
) -> bool
Checks if a given object is a null session. Null sessions are not asked to be saved.
Parameters
| Name | Type | Description |
|---|---|---|
| obj | object | The session object to validate against the null session type. |
Returns
| Type | Description |
|---|---|
| bool | True if the object is an instance of the configured null session class, False otherwise. |
get_cookie_name()
@classmethod
def get_cookie_name(
app: [Flask](../app/flask.md?sid=src_flask_app_flask)
) -> str
The name of the session cookie. Uses `app.config["SESSION_COOKIE_NAME"]`.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|---|
| str | The string identifier used as the key for the session cookie in HTTP headers. |
get_cookie_domain()
@classmethod
def get_cookie_domain(
app: [Flask](../app/flask.md?sid=src_flask_app_flask)
) -> str | None
The value of the Domain parameter on the session cookie. If not set, browsers will only send the cookie to the exact domain it was set from. Otherwise, they will send it to any subdomain of the given value as well.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
get_cookie_path()
@classmethod
def get_cookie_path(
app: [Flask](../app/flask.md?sid=src_flask_app_flask)
) -> str
Returns the path for which the cookie should be valid. The default implementation uses the value from the SESSION_COOKIE_PATH config var if it's set, and falls back to APPLICATION_ROOT or uses / if it's None.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|---|
| str | The URL path prefix that limits the scope of the session cookie. |
get_cookie_httponly()
@classmethod
def get_cookie_httponly(
app: [Flask](../app/flask.md?sid=src_flask_app_flask)
) -> bool
Returns True if the session cookie should be httponly. This currently just returns the value of the SESSION_COOKIE_HTTPONLY config var.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|---|
| bool | True if the HttpOnly flag should be set to prevent client-side script access. |
get_cookie_secure()
@classmethod
def get_cookie_secure(
app: [Flask](../app/flask.md?sid=src_flask_app_flask)
) -> bool
Returns True if the cookie should be secure. This currently just returns the value of the SESSION_COOKIE_SECURE setting.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|---|
| bool | True if the Secure flag should be set to ensure the cookie is only sent over HTTPS. |
get_cookie_samesite()
@classmethod
def get_cookie_samesite(
app: [Flask](../app/flask.md?sid=src_flask_app_flask)
) -> str | None
Return 'Strict' or 'Lax' if the cookie should use the SameSite attribute. This currently just returns the value of the `SESSION_COOKIE_SAMESITE` setting.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
get_cookie_partitioned()
@classmethod
def get_cookie_partitioned(
app: [Flask](../app/flask.md?sid=src_flask_app_flask)
) -> bool
Returns True if the cookie should be partitioned. By default, uses the value of `SESSION_COOKIE_PARTITIONED`.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|---|
| bool | True if the Partitioned attribute should be set for CHIPS (Cookies Having Independent Partitioned State). |
get_expiration_time()
@classmethod
def get_expiration_time(
app: [Flask](../app/flask.md?sid=src_flask_app_flask),
session: [SessionMixin](sessionmixin.md?sid=src_flask_sessions_sessionmixin)
) -> datetime | None
A helper method that returns an expiration date for the session or None if the session is linked to the browser session. The default implementation returns now + the permanent session lifetime configured on the application.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance used to calculate the lifetime. |
| session | [SessionMixin](sessionmixin.md?sid=src_flask_sessions_sessionmixin) | The session object whose expiration time is being calculated. |
Returns
| Type | Description |
|---|---|
| `datetime \| None` | |
should_set_cookie()
@classmethod
def should_set_cookie(
app: [Flask](../app/flask.md?sid=src_flask_app_flask),
session: [SessionMixin](sessionmixin.md?sid=src_flask_sessions_sessionmixin)
) -> bool
Used by session backends to determine if a Set-Cookie header should be set for this session cookie for this response. If the session has been modified, the cookie is set. If the session is permanent and the SESSION_REFRESH_EACH_REQUEST config is true, the cookie is always set.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance containing the refresh configuration. |
| session | [SessionMixin](sessionmixin.md?sid=src_flask_sessions_sessionmixin) | The session object to check for modifications or permanence. |
Returns
| Type | Description |
|---|---|
| bool | True if the response should include a Set-Cookie header for the session. |
open_session()
@classmethod
def open_session(
app: [Flask](../app/flask.md?sid=src_flask_app_flask),
request: [Request](../wrappers/request.md?sid=src_flask_wrappers_request)
) -> SessionMixin | None
This is called at the beginning of each request, after pushing the request context, before matching the URL.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance handling the request. |
| request | [Request](../wrappers/request.md?sid=src_flask_wrappers_request) | The current request object used to retrieve session data (e.g., from cookies). |
Returns
| Type | Description |
|---|---|
| `SessionMixin \| None` | |
save_session()
@classmethod
def save_session(
app: [Flask](../app/flask.md?sid=src_flask_app_flask),
session: [SessionMixin](sessionmixin.md?sid=src_flask_sessions_sessionmixin),
response: [Response](../wrappers/response.md?sid=src_flask_wrappers_response)
) -> None
This is called at the end of each request, after generating a response, before removing the request context. It is skipped if `is_null_session` returns True.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=src_flask_app_flask) | The Flask application instance handling the request. |
| session | [SessionMixin](sessionmixin.md?sid=src_flask_sessions_sessionmixin) | The session object to be persisted or updated. |
| response | [Response](../wrappers/response.md?sid=src_flask_wrappers_response) | The response object where session cookies or headers will be set. |
Returns
| Type | Description |
|---|---|
| None | Nothing. |