
GAE webapp2 session: the correct process of creating and checking sessions


I tried to implement GAE's webapp2 session, but there seems to be very little documentation about it. According to http://webapp-improved.appspot.com/api/webapp2_extras/sessions.html, my steps are as follows:

1. Configure and add config to the main application:

config = {}
config['webapp2_extras.sessions'] = {
    'secret_key': 'my_secret_key',
}
app = webapp2.WSGIApplication([...], config=config)

2. Create session in the login handler

# Delete existing session
  --> not mentioned in the tutorial
# member is found
self.session_store = sessions.get_store(request=handler.request)
self.session['account'] = member.account

3. Check if a session exists at various locations in my program

if self.session['account']:
    # Session exists

4. Delete session when user logs out

--> not mentioned in the tutorial

My questions:

  1. I got the error message " ... object has no attribute 'session'" during the session creation process (Step 2)

  2. How do I delete a session in steps 2 and 4?

  3. Is the overall session management process correct?

Thanks.


Solution

  • This may not be a direct answer to the question, but it is a solution I found using gaesessions instead of GAE's webapp2 session and I would like to share it with everybody. Here we go:

    1. Download gaesessions from https://github.com/dound/gae-sessions by clicking the "Download ZIP" button. The downloaded file is "gae-sessions-master.zip".

    2. Unzip the file (a directory "gae-sessions-master" will be created), and copy the directory "gaesessions" to the root directory of your application (i.e., where "app.yaml" is).

    3. Create a file called "appengine_config.py" in the root directory, with the following content (copied from https://github.com/dound/gae-sessions/tree/master/demo):

      from gaesessions import SessionMiddleware
      
      # Original comments deleted ... 
      # Create a random string for COOKIE_KEY and the string has to
      # be permanent. "os.urandom(64)" function may be used but do
      # not use it *dynamically*.
      # For me, I just randomly generate a string of length 64
      # and paste it here, such as the following:
      
      COOKIE_KEY = 'ppb52adekdhD25dqpbKu39dDKsd.....'
      
      def webapp_add_wsgi_middleware(app):
          from google.appengine.ext.appstats import recording
          app = SessionMiddleware(app, cookie_key=COOKIE_KEY)
          app = recording.appstats_wsgi_middleware(app)
          return app
      
    4. Create a session when a user logs in (variable account is the user's account):

      from gaesessions import get_current_session
      session = get_current_session()
      if session.is_active():
          session.terminate()
      # start a session for the user (old one was terminated)
      session['account'] = account
      
    5. Check if the user's session exists, if yes, return user's account:

      from gaesessions import get_current_session
      def checkSession():
          session = get_current_session()
          if session.is_active():
              return session['account']
          return False
      
    6. Delete the session when the user logs out:

      def logout():
          session = get_current_session()
          if session.is_active():
              session.terminate()
      
    7. Finally, you may create a cron job to clean expired sessions periodically:

    cron.yaml:

    cron:
    - description: daily session cleanup
      url: /clean_up_sessions
      schedule: every day 3:00
      timezone: ... (Your time zone)
    

    Function:

    import webapp2
    from gaesessions import delete_expired_sessions
    class clean_up_sessions(webapp2.RequestHandler):
        def get(self):
            while not delete_expired_sessions():
                pass
    

    Hope this helps.
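
Added example (not part of the answer above and not gaesessions' own code): a simplified HMAC-signed cookie, used here as an assumed stand-in for how a secret such as COOKIE_KEY protects session cookies, showing why the key in step 3 must be generated once and kept fixed instead of being created dynamically. The names `sign_cookie`, `verify_cookie` and `demo` are hypothetical, the account values are constructed, and the code is written for Python 3.

```python
import base64
import hashlib
import hmac
import json
import os


def sign_cookie(data, key):
    """Serialize session data and append an HMAC-SHA256 tag computed with key."""
    payload = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode())
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + tag


def verify_cookie(cookie, key):
    """Return the session data if the tag matches, otherwise None."""
    payload, sep, tag = cookie.rpartition(b".")
    if not sep:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    # Constant-time comparison; the payload is only decoded after the tag checks out.
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def demo():
    # Constructed sample data; permanent_key stands in for COOKIE_KEY.
    permanent_key = os.urandom(64)  # generated once, then stored and reused
    cookie = sign_cookie({"account": "alice"}, permanent_key)

    same_key = verify_cookie(cookie, permanent_key)
    # A second instance (or a restart) that calls os.urandom(64) at import time
    # holds a different key, so every cookie issued earlier is rejected.
    regenerated = verify_cookie(cookie, os.urandom(64))
    # A payload changed without knowledge of the key no longer matches its tag.
    altered = base64.urlsafe_b64encode(json.dumps({"account": "admin"}).encode())
    tampered = verify_cookie(altered + b"." + cookie.rpartition(b".")[2], permanent_key)
    return same_key, regenerated, tampered


if __name__ == "__main__":
    print(demo())
```

With a regenerated key, every logged-in user appears logged out after each deploy or whenever a request lands on a different instance, which is the failure the comment in `appengine_config.py` is guarding against.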