1import time
2
3from opentelemetry import trace
4from opentelemetry.semconv._incubating.attributes.session_attributes import SESSION_ID
5
6from plain.runtime import settings
7from plain.utils.cache import patch_vary_headers
8from plain.utils.http import http_date
9
10from .core import SessionStore
11
12
13class SessionMiddleware:
14 def __init__(self, get_response):
15 self.get_response = get_response
16
17 def __call__(self, request):
18 session_key = request.cookies.get(settings.SESSION_COOKIE_NAME)
19
20 if session_key:
21 trace.get_current_span().set_attribute(SESSION_ID, session_key)
22
23 request.session = SessionStore(session_key)
24
25 response = self.get_response(request)
26
27 """
28 If request.session was modified, or if the configuration is to save the
29 session every time, save the changes and set a session cookie or delete
30 the session cookie if the session has been emptied.
31 """
32 accessed = request.session.accessed
33 modified = request.session.modified
34 empty = request.session.is_empty()
35
36 # First check if we need to delete this cookie.
37 # The session should be deleted only if the session is entirely empty.
38 if settings.SESSION_COOKIE_NAME in request.cookies and empty:
39 response.delete_cookie(
40 settings.SESSION_COOKIE_NAME,
41 path=settings.SESSION_COOKIE_PATH,
42 domain=settings.SESSION_COOKIE_DOMAIN,
43 samesite=settings.SESSION_COOKIE_SAMESITE,
44 )
45 patch_vary_headers(response, ("Cookie",))
46 else:
47 if accessed:
48 patch_vary_headers(response, ("Cookie",))
49 if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty:
50 if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
51 max_age = None
52 expires = None
53 else:
54 max_age = settings.SESSION_COOKIE_AGE
55 expires_time = time.time() + max_age
56 expires = http_date(expires_time)
57 # Save the session data and refresh the client cookie.
58 # Skip session save for 5xx responses.
59 if response.status_code < 500:
60 request.session.save()
61 response.set_cookie(
62 settings.SESSION_COOKIE_NAME,
63 request.session.session_key,
64 max_age=max_age,
65 expires=expires,
66 domain=settings.SESSION_COOKIE_DOMAIN,
67 path=settings.SESSION_COOKIE_PATH,
68 secure=settings.SESSION_COOKIE_SECURE or None,
69 httponly=settings.SESSION_COOKIE_HTTPONLY or None,
70 samesite=settings.SESSION_COOKIE_SAMESITE,
71 )
72 return response