The basic interface you have to implement in order to replace the default session interface which uses werkzeug's securecookie implementation. The only methods you have to implement are :meth:open_session and :meth:save_session, the others have useful defaults which you don't need to change.
Attributes
| Attribute | Type | Description |
|---|
| null_session_class | type = NullSession | The class that should be created when a null session is requested by make_null_session or checked by is_null_session. |
| pickle_based | boolean = False | A flag that indicates if the session interface is pickle based, used by Flask extensions to decide how to deal with the session object. |
Constructor
Signature
Methods
make_null_session()
@classmethod
def make_null_session(
app: [Flask](../app/flask.md?sid=flask_app_flask)
) - > [NullSession](nullsession.md?sid=flask_sessions_nullsession)
Creates a null session which acts as a replacement object if the real session support could not be loaded due to a configuration error. This mainly aids the user experience because the job of the null session is to still support lookup without complaining but modifications are answered with a helpful error message of what failed.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance used to access configuration and session settings. |
Returns
| Type | Description |
|---|
[NullSession](nullsession.md?sid=flask_sessions_nullsession) | An instance of the null session class that provides a safe fallback for session operations. |
is_null_session()
@classmethod
def is_null_session(
obj: object
) - > bool
Checks if a given object is a null session. Null sessions are not asked to be saved.
Parameters
| Name | Type | Description |
|---|
| obj | object | The session object to be checked for null status. |
Returns
| Type | Description |
|---|
bool | True if the object is an instance of the configured null session class, False otherwise. |
get_cookie_name()
@classmethod
def get_cookie_name(
app: [Flask](../app/flask.md?sid=flask_app_flask)
) - > str
The name of the session cookie. Usesapp.config["SESSION_COOKIE_NAME"].
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|
str | The string identifier used as the key for the session cookie in HTTP headers. |
get_cookie_domain()
@classmethod
def get_cookie_domain(
app: [Flask](../app/flask.md?sid=flask_app_flask)
) - > str | None
The value of the Domain parameter on the session cookie. If not set, browsers will only send the cookie to the exact domain it was set from.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
get_cookie_path()
@classmethod
def get_cookie_path(
app: [Flask](../app/flask.md?sid=flask_app_flask)
) - > str
Returns the path for which the cookie should be valid. The default implementation uses the value from the SESSION_COOKIE_PATH config var if it's set, and falls back to APPLICATION_ROOT or uses / if it's None.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|
str | The URL path prefix that restricts where the browser sends the session cookie. |
get_cookie_httponly()
@classmethod
def get_cookie_httponly(
app: [Flask](../app/flask.md?sid=flask_app_flask)
) - > bool
Returns True if the session cookie should be httponly. This currently just returns the value of the SESSION_COOKIE_HTTPONLY config var.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|
bool | True if the HttpOnly flag should be set to prevent client-side script access. |
get_cookie_secure()
@classmethod
def get_cookie_secure(
app: [Flask](../app/flask.md?sid=flask_app_flask)
) - > bool
Returns True if the cookie should be secure. This currently just returns the value of the SESSION_COOKIE_SECURE setting.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|
bool | True if the Secure flag should be set to ensure the cookie is only sent over HTTPS. |
get_cookie_samesite()
@classmethod
def get_cookie_samesite(
app: [Flask](../app/flask.md?sid=flask_app_flask)
) - > str | None
Return 'Strict' or 'Lax' if the cookie should use the SameSite attribute. This currently just returns the value of the :data:SESSION_COOKIE_SAMESITE setting.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
get_cookie_partitioned()
@classmethod
def get_cookie_partitioned(
app: [Flask](../app/flask.md?sid=flask_app_flask)
) - > bool
Returns True if the cookie should be partitioned. By default, uses the value of :data:SESSION_COOKIE_PARTITIONED.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance containing the session configuration. |
Returns
| Type | Description |
|---|
bool | True if the Partitioned attribute should be set for Chips (Cookies Having Independent Partitioned State). |
get_expiration_time()
@classmethod
def get_expiration_time(
app: [Flask](../app/flask.md?sid=flask_app_flask),
session: [SessionMixin](sessionmixin.md?sid=flask_sessions_sessionmixin)
) - > datetime | None
A helper method that returns an expiration date for the session or None if the session is linked to the browser session. The default implementation returns now + the permanent session lifetime configured on the application.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance used to calculate the lifetime offset. |
| session | [SessionMixin](sessionmixin.md?sid=flask_sessions_sessionmixin) | The session object to check for the permanent flag. |
Returns
| Type | Description |
|---|
| `datetime | None` |
should_set_cookie()
@classmethod
def should_set_cookie(
app: [Flask](../app/flask.md?sid=flask_app_flask),
session: [SessionMixin](sessionmixin.md?sid=flask_sessions_sessionmixin)
) - > bool
Used by session backends to determine if a Set-Cookie header should be set for this session cookie for this response. If the session has been modified, the cookie is set. If the session is permanent and the SESSION_REFRESH_EACH_REQUEST config is true, the cookie is always set.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance used to check refresh configuration. |
| session | [SessionMixin](sessionmixin.md?sid=flask_sessions_sessionmixin) | The current session object being evaluated for changes or permanence. |
Returns
| Type | Description |
|---|
bool | True if the response should include a Set-Cookie header to update the client's session. |
open_session()
@classmethod
def open_session(
app: [Flask](../app/flask.md?sid=flask_app_flask),
request: [Request](../wrappers/request.md?sid=flask_wrappers_request)
) - > SessionMixin | None
This is called at the beginning of each request, after pushing the request context, before matching the URL.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance processing the request. |
| request | [Request](../wrappers/request.md?sid=flask_wrappers_request) | The current request object used to extract session data (e.g., from cookies). |
Returns
| Type | Description |
|---|
| `SessionMixin | None` |
save_session()
@classmethod
def save_session(
app: [Flask](../app/flask.md?sid=flask_app_flask),
session: [SessionMixin](sessionmixin.md?sid=flask_sessions_sessionmixin),
response: [Response](../wrappers/response.md?sid=flask_wrappers_response)
) - > null
This is called at the end of each request, after generating a response, before removing the request context. It is skipped if :meth:is_null_session returns True.
Parameters
| Name | Type | Description |
|---|
| app | [Flask](../app/flask.md?sid=flask_app_flask) | The Flask application instance processing the request. |
| session | [SessionMixin](sessionmixin.md?sid=flask_sessions_sessionmixin) | The session object to be persisted or updated. |
| response | [Response](../wrappers/response.md?sid=flask_wrappers_response) | The response object where session cookies or headers will be attached. |
Returns