SecureCookieSessionInterface
The default session interface that stores sessions in signed cookies through the :mod:itsdangerous module.
Attributes
| Attribute | Type | Description |
|---|---|---|
| salt | string = "cookie-session" | the salt that should be applied on top of the secret key for the signing of cookie based sessions. |
| digest_method | callable = staticmethod(_lazy_sha1) | the hash function to use for the signature. |
| key_derivation | string = "hmac" | the name of the itsdangerous supported key derivation. |
| serializer | object = session_json_serializer | A python serializer for the payload. |
| session_class | type = SecureCookieSession | The class used to create session objects, which defaults to SecureCookieSession. |
Constructor
Signature
def SecureCookieSessionInterface() - > null
Methods
get_signing_serializer()
@classmethod
def get_signing_serializer(
app: [Flask](../app/flask.md?sid=flask_app_flask)
) - > URLSafeTimedSerializer | null
Creates and returns a serializer used to sign and verify session cookies using the application's secret keys. It incorporates fallback keys from the application configuration to ensure session continuity during key rotation.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance providing the secret keys and configuration for the serializer. |
Returns
| Type | Description |
|---|---|
| `URLSafeTimedSerializer | null` |
open_session()
@classmethod
def open_session(
app: [Flask](../app/flask.md?sid=flask_app_flask),
request: [Request](../wrappers/request.md?sid=flask_wrappers_request)
) - > SecureCookieSession | null
Retrieves the session data from a signed cookie in the incoming request. If the cookie is missing or the signature is invalid, it returns a new empty session object.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance used to access session lifetime settings and the signing serializer. |
| request | [Request](../wrappers/request.md?sid=flask_wrappers_request) | The incoming request object containing the cookies to be parsed. |
Returns
| Type | Description |
|---|---|
| `SecureCookieSession | null` |
save_session()
@classmethod
def save_session(
app: [Flask](../app/flask.md?sid=flask_app_flask),
session: [SessionMixin](sessionmixin.md?sid=flask_sessions_sessionmixin),
response: [Response](../wrappers/response.md?sid=flask_wrappers_response)
) - > null
Saves the session data back to a signed cookie in the response or deletes the cookie if the session has been emptied. It also manages the 'Vary: Cookie' header to ensure proper downstream caching behavior.
Parameters
| Name | Type | Description |
|---|---|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance used to determine cookie attributes like domain, path, and security flags. |
| session | [SessionMixin](sessionmixin.md?sid=flask_sessions_sessionmixin) | The session object containing the data to be persisted or cleared. |
| response | [Response](../wrappers/response.md?sid=flask_wrappers_response) | The outgoing response object where the session cookie or deletion header will be set. |
Returns
| Type | Description |
|---|---|
null | Nothing is returned; the response object is modified in-place. |