So, first let me say... I love Tornado. Love it. It's simple, it's easy, it's asynchronous and non-blocking! What's not to love?
For me, I particularly have a fondness for Redis and using it for reliable web session storage and access. Whether you love it or hate it, I could care less, but I personally like it and it suits my needs quite well for most projects.
So taking these two technologies and using the awesome power of Tornado, and the great "No-SQL" (p.s. "No-SQL" is a stupid term) Redis and merging the two sounded like a pretty great idea. There remains only one problem.... Tornado really doesn't have a great native session handler! So I said to myself... Go forth and build Mike! And that leads us here to our session.py file:
try: import cPickle as pickle except: import pickle from uuid import uuid4 import time class RedisSessionStore: def __init__(self, redis_connection, **options): self.options = { 'key_prefix': 'session', 'expire': 5184000, } self.options.update(options) self.redis = redis_connection def prefixed(self, sid): return '%s:%s' % (self.options['key_prefix'], sid) def generate_sid(self, ): return uuid4().get_hex() def get_session(self, sid, name): data = self.redis.hget(self.prefixed(sid), name) session = pickle.loads(data) if data else dict() return session def set_session(self, sid, session_data, name): expiry = self.options['expire'] self.redis.hset(self.prefixed(sid), name, pickle.dumps(session_data)) if expiry: self.redis.expire(self.prefixed(sid), expiry) def delete_session(self, sid): self.redis.delete(self.prefixed(sid)) class Session: def __init__(self, session_store, sessionid=None): self._store = session_store self._sessionid = sessionid if sessionid else self._store.generate_sid() self._sessiondata = self._store.get_session(self._sessionid, 'data') self.dirty = False def clear(self): self._store.delete_session(self._sessionid) def access(self, remote_ip): access_info = {'remote_ip':remote_ip, 'time':'%.6f' % time.time()} self._store.set_session( self._sessionid, 'last_access', pickle.dumps(access_info) ) def last_access(self): access_info = self._store.get_session(self._sessionid, 'last_access') return pickle.loads(access_info) @property def sessionid(self): return self._sessionid def __getitem__(self, key): return self._sessiondata[key] def __setitem__(self, key, value): self._sessiondata[key] = value self._dirty() def __delitem__(self, key): del self._sessiondata[key] self._dirty() def __len__(self): return len(self._sessiondata) def __contains__(self, key): return key in self._sessiondata def __iter__(self): for key in self._sessiondata: yield key def __repr__(self): return self._sessiondata.__repr__() def __del__(self): if self.dirty: self._save() def _dirty(self): self.dirty = True def _save(self): self._store.set_session(self._sessionid, self._sessiondata, 'data') self.dirty = False
This simple session.py file is handy dandy for inclusion into your tornado project! Let's take a look at what may be in your main app .py file:
from session import Session # Our base handler class BaseHandler(tornado.web.RequestHandler): def __init__(self,application, request,**kwargs): super(BaseHandler,self).__init__(application,request) def get_current_user(self): return self.session['user'] if self.session and 'user' in self.session else None @property def session(self): sessionid = self.get_secure_cookie(<< YOUR AUTH COOKIE NAME >>,None) if sessionid: return Session(self.application.session_store, sessionid) else: sess = Session(self.application.session_store, None) self.set_secure_cookie(<< YOUR AUTH COOKIE NAME >>,sess.sessionid) return sess
Now, this particular example only works with a local redis server... However, you can always pass new connection parameters in to connect to a remote store or cluster.
This is a quick draft with some future editing in mind, but should you find any errors, let me know and I'll make sure to update appropriately! Enjoy!