Session¶
-
class
gafaelfawr.session.
Session
(handle: SessionHandle, token: VerifiedToken, email: str, created_at: datetime, expires_on: datetime)¶ Bases:
object
An authentication session.
Notes
The JWT is the user’s authentication credentials and could be used alone. However JWTs tend to be long, which causes various problems in practice. Therefore, JWTs are stored in authentication sessions, and the session handle can be used instead of the JWT.
The session handle is represented by the
SessionHandle
class. It consists of a key and a secret. The key corresponds to the Redis key under which the session is stored. The secret must match the corresponding secret inside the encrypted Redis session value. This approach prevents someone with access to list the Redis keys from using a Redis key directly as a session handle.Methods Summary
create
(handle, token)Create a new session. Methods Documentation
-
classmethod
create
(handle: SessionHandle, token: VerifiedToken) → Session¶ Create a new session.
Parameters: - handle (
SessionHandle
) – The handle for this session. - token (
gafaelfawr.tokens.VerifiedToken
) – The token to store in this session.
Returns: session – The newly-created session.
Return type: - handle (
-
classmethod