I'm writing an app using bottle.py and beaker.middleware.SessionMiddleware:
How can I modify the session.timeout and session.cookie_expires values so I can implement a login system that logs the user in for 30 days?
I already implemented the standard login system so everything works until the browser closes, but I'd like to modify those values if the user checks the Remember me checkbox.
I thought of two variants if the user checks the Remember me checkbox:
1. Set session.cookie_expires and session.timeout to 30 days, but it seems that I can't modify these values at run-time because the cookie I receive expires at the end of the browser session, ignoring my runtime modifications.
2. Set session.timeout to 30 days and overwrite the cookie named beaker.session.id, writing the same session id but a different expiry date.
But the run-time problem from point 1. remains and it seems that I can't access the session's id that I just created with beaker, so I don't know what to store in the cookie.
How can I implement this?
The only solution I came up with is to implement my own little backend and set the cookies myself, without beaker.
For posterity's sake, the code is here:
https://github.com/paulbarbu/bottle-upload/blob/master/index.py
Methods: login_bl, upload_view(db), is_logged_in, and logout().
Please note this is some VERY old code and NOT production ready, use at your own risk, some code snippets from the above link follow:
Login:
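import hashlib

from bottle import post, request

@post('/login')
def login_bl(db):
    nick = request.forms.nick.lower()
    # Unsalted SHA-1 as in the linked code; not suitable for storing passwords.
    password = hashlib.sha1(request.forms.password).hexdigest()
    message = {}
    error = None
    # get_user_id() is defined elsewhere in the linked index.py
    uid = get_user_id(db, nick, password)
    if uid:
        # Beaker's middleware exposes the session in the WSGI environ
        sess = request.environ.get('beaker.session')
        sess['uid'] = uid
        # .... do other stuff for the logged in user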
Logout:
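from bottle import get, redirect, request, template

@get('/logout')
def logout():
    if not is_logged_in():
        redirect('/login')
    else:
        # Drop the server-side session and expire its cookie
        sess = request.environ.get('beaker.session')
        sess.delete()
        return template('logout.tpl')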
Is the user logged in?
def is_logged_in():
    '''Check whether the user sent a cookie that holds a Beaker created
    session id
    '''
    sess_id = request.cookies.get('beaker.session.id', False)
    if not sess_id:
        return False
    # A cookie alone is not enough: the session must also carry a uid
    sess = request.environ.get('beaker.session')
    if 'uid' not in sess:
        return False
    return True
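
The second variant above, as an added example that is not part of the original post and does not use Beaker's API: the session id cookie is issued with a 30-day Max-Age only when "Remember me" is checked, and the server enforces its own expiry regardless of what the browser keeps. The in-memory SESSIONS store, the function names and the 30-minute default lifetime are assumptions made for the example.

```python
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "beaker.session.id"   # cookie name from the question
REMEMBER_SECONDS = 30 * 24 * 3600   # "Remember me": 30 days
DEFAULT_SECONDS = 30 * 60           # assumed server-side limit otherwise

SESSIONS = {}  # stand-in for the server-side session backend: id -> record


def create_session(uid, remember, now=None):
    """Create a server-side session; return (session_id, Set-Cookie value)."""
    now = time.time() if now is None else now
    sid = secrets.token_hex(32)  # unguessable id
    lifetime = REMEMBER_SECONDS if remember else DEFAULT_SECONDS
    SESSIONS[sid] = {"uid": uid, "expires_at": now + lifetime}

    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    morsel = cookie[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["httponly"] = True    # not readable from page scripts
    morsel["secure"] = True      # sent over HTTPS only
    morsel["samesite"] = "Lax"
    if remember:
        # Persistent cookie: survives browser restarts for 30 days.
        morsel["max-age"] = REMEMBER_SECONDS
    # With no Max-Age/Expires the browser drops the cookie when it closes.
    return sid, morsel.OutputString()


def lookup_uid(cookie_header, now=None):
    """Return the uid for a Cookie header, or None if missing or expired."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header)
    if COOKIE_NAME not in jar:
        return None
    sid = jar[COOKIE_NAME].value
    record = SESSIONS.get(sid)
    if record is None:
        return None
    if now >= record["expires_at"]:
        # The cookie lifetime is only a hint to the browser; enforce it here.
        del SESSIONS[sid]
        return None
    return record["uid"]
```
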