watch this The wheels are turning, slowly turning. home
Twisted Web in 60 seconds: session basics 2009-11-18

Welcome to the 15th installment of “Twisted Web in 60 seconds”. As promised, I’ll be covering sessions in this installment. Or, more accurately, I’ll be covering a tiny bit of sessions. As this is the most complicated topic I’ve covered so far, I’m going to take a few installments to cover all the different aspects.



In this installment, you can expect to learn the very basics of the Twisted Web session API: how to get the session object for the current request and how to prematurely expire a session.



Before I get into the APIs, though, I should explain the big picture of sessions in Twisted Web. Sessions are represented by instances of Session. The Site creates a new instance of Session the first time an application asks for it for a particular session. Session instances are kept on the Site instance until they expire (due to inactivity or because they are explicitly expired). Each time after the first that a particular session’s Session object is requested, it is retrieved from the Site.



With the conceptual underpinnings of the upcoming API in place, here comes the example. This will be a very simple rpy script which tells a user what their unique session identifier is and lets them prematurely expire it.



First, I’ll import Resource so I can define a couple subclasses of it:



  from twisted.web.resource import Resource



Next I’ll define the resource which tells the client what its session identifier is. This is done easily by first getting the session object using Request.getSession and then getting the session object’s uid attribute.



  class ShowSession(Resource):
      def render_GET(self, request):
          return 'Your session id is: ' + request.getSession().uid



To let the client expire their own session before it times out, I’ll define another resource which expires whatever session it is requested with. This is done using the Session.expire method.



  class ExpireSession(Resource):
      def render_GET(self, request):
          request.getSession().expire()
          return 'Your session has been expired.'



Finally, to make the example an rpy script, I’ll make an instance of ShowSession and give it an instance of ExpireSession as a child using Resource.putChild (covered earlier).



  resource = ShowSession()
  resource.putChild("expire", ExpireSession())



And that is the complete example. You can fire this up and load the top page. You’ll see a (rather opaque) session identifier that remains the same across reloads (at least until you flush the TWISTED_SESSION cookie from your browser or enough time passes). You can then visit the expire child and go back to the top page and see that you have a new session.



Here’s the complete source for the example.



from twisted.web.resource import Resource

class ShowSession(Resource):
    def render_GET(self, request):
        return 'Your session id is: ' + request.getSession().uid

class ExpireSession(Resource):
    def render_GET(self, request):
        request.getSession().expire()
        return 'Your session has been expired.'

resource = ShowSession()
resource.putChild("expire", ExpireSession())



Next time I’ll talk about how you can persist information in the session object.