1import time
 2
 3from opentelemetry import trace
 4from opentelemetry.semconv._incubating.attributes.session_attributes import SESSION_ID
 5
 6from plain.runtime import settings
 7from plain.utils.cache import patch_vary_headers
 8from plain.utils.http import http_date
 9
10from .core import SessionStore
11
12
13class SessionMiddleware:
14    def __init__(self, get_response):
15        self.get_response = get_response
16
17    def __call__(self, request):
18        session_key = request.cookies.get(settings.SESSION_COOKIE_NAME)
19
20        if session_key:
21            trace.get_current_span().set_attribute(SESSION_ID, session_key)
22
23        request.session = SessionStore(session_key)
24
25        response = self.get_response(request)
26
27        """
28        If request.session was modified, or if the configuration is to save the
29        session every time, save the changes and set a session cookie or delete
30        the session cookie if the session has been emptied.
31        """
32        accessed = request.session.accessed
33        modified = request.session.modified
34        empty = request.session.is_empty()
35
36        # First check if we need to delete this cookie.
37        # The session should be deleted only if the session is entirely empty.
38        if settings.SESSION_COOKIE_NAME in request.cookies and empty:
39            response.delete_cookie(
40                settings.SESSION_COOKIE_NAME,
41                path=settings.SESSION_COOKIE_PATH,
42                domain=settings.SESSION_COOKIE_DOMAIN,
43                samesite=settings.SESSION_COOKIE_SAMESITE,
44            )
45            patch_vary_headers(response, ("Cookie",))
46        else:
47            if accessed:
48                patch_vary_headers(response, ("Cookie",))
49            if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty:
50                if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
51                    max_age = None
52                    expires = None
53                else:
54                    max_age = settings.SESSION_COOKIE_AGE
55                    expires_time = time.time() + max_age
56                    expires = http_date(expires_time)
57                # Save the session data and refresh the client cookie.
58                # Skip session save for 5xx responses.
59                if response.status_code < 500:
60                    request.session.save()
61                    response.set_cookie(
62                        settings.SESSION_COOKIE_NAME,
63                        request.session.session_key,
64                        max_age=max_age,
65                        expires=expires,
66                        domain=settings.SESSION_COOKIE_DOMAIN,
67                        path=settings.SESSION_COOKIE_PATH,
68                        secure=settings.SESSION_COOKIE_SECURE or None,
69                        httponly=settings.SESSION_COOKIE_HTTPONLY or None,
70                        samesite=settings.SESSION_COOKIE_SAMESITE,
71                    )
72        return response