1import time
 2
 3from opentelemetry import trace
 4from opentelemetry.semconv._incubating.attributes.session_attributes import SESSION_ID
 5
 6from plain.runtime import settings
 7from plain.utils.cache import patch_vary_headers
 8from plain.utils.http import http_date
 9
10from .core import SessionStore
11
12
13class SessionMiddleware:
14    def __init__(self, get_response):
15        self.get_response = get_response
16
17    def __call__(self, request):
18        session_key = request.cookies.get(settings.SESSION_COOKIE_NAME)
19
20        request.session = SessionStore(session_key)
21
22        if request.session.model_instance:
23            trace.get_current_span().set_attribute(
24                SESSION_ID, request.session.model_instance.id
25            )
26
27        response = self.get_response(request)
28
29        """
30        If request.session was modified, or if the configuration is to save the
31        session every time, save the changes and set a session cookie or delete
32        the session cookie if the session has been emptied.
33        """
34        accessed = request.session.accessed
35        modified = request.session.modified
36        empty = request.session.is_empty()
37
38        # First check if we need to delete this cookie.
39        # The session should be deleted only if the session is entirely empty.
40        if settings.SESSION_COOKIE_NAME in request.cookies and empty:
41            response.delete_cookie(
42                settings.SESSION_COOKIE_NAME,
43                path=settings.SESSION_COOKIE_PATH,
44                domain=settings.SESSION_COOKIE_DOMAIN,
45                samesite=settings.SESSION_COOKIE_SAMESITE,
46            )
47            patch_vary_headers(response, ("Cookie",))
48        else:
49            if accessed:
50                patch_vary_headers(response, ("Cookie",))
51            if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty:
52                if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
53                    max_age = None
54                    expires = None
55                else:
56                    max_age = settings.SESSION_COOKIE_AGE
57                    expires_time = time.time() + max_age
58                    expires = http_date(expires_time)
59                # Save the session data and refresh the client cookie.
60                # Skip session save for 5xx responses.
61                if response.status_code < 500:
62                    request.session.save()
63                    response.set_cookie(
64                        settings.SESSION_COOKIE_NAME,
65                        request.session.session_key,
66                        max_age=max_age,
67                        expires=expires,
68                        domain=settings.SESSION_COOKIE_DOMAIN,
69                        path=settings.SESSION_COOKIE_PATH,
70                        secure=settings.SESSION_COOKIE_SECURE or None,
71                        httponly=settings.SESSION_COOKIE_HTTPONLY or None,
72                        samesite=settings.SESSION_COOKIE_SAMESITE,
73                    )
74        return response