
Sessions - db backed

Manage sessions and save them in the database.

  • associate with users?
  • devices?
 1from plain.preflight import Warning, register
 2from plain.runtime import settings
def add_session_cookie_message(message):
    """Return *message* with the secure-only cookie rationale appended.

    The same explanatory sentence is attached to every
    SESSION_COOKIE_SECURE warning, so each one states why the setting
    matters: a cookie marked Secure is not sent over unencrypted HTTP.
    """
    rationale = (
        " Using a secure-only session cookie makes it more difficult for "
        "network traffic sniffers to hijack user sessions."
    )
    return message + rationale
# SESSION_COOKIE_SECURE warnings. Each message ends with the shared
# rationale from add_session_cookie_message().

# 'plain.sessions' is installed, but the cookie is not secure-only.
W010 = Warning(
    add_session_cookie_message(
        "You have 'plain.sessions' in your INSTALLED_PACKAGES, but you "
        "have not set SESSION_COOKIE_SECURE to True."
    ),
    id="security.W010",
)

# SessionMiddleware is enabled, but the cookie is not secure-only.
W011 = Warning(
    add_session_cookie_message(
        "You have 'plain.sessions.middleware.SessionMiddleware' in your "
        "MIDDLEWARE, but you have not set SESSION_COOKIE_SECURE to True."
    ),
    id="security.W011",
)

# Generic form of the warning, without naming a package or middleware.
W012 = Warning(
    add_session_cookie_message(
        "SESSION_COOKIE_SECURE is not set to True."
    ),
    id="security.W012",
)
def add_httponly_message(message):
    """Return *message* with the HttpOnly cookie rationale appended.

    The same explanatory sentence is attached to every
    SESSION_COOKIE_HTTPONLY warning. HttpOnly keeps page scripts from
    reading the cookie; it raises the bar against session theft via XSS
    but does not stop injected script from acting within the session.
    """
    rationale = (
        " Using an HttpOnly session cookie makes it more difficult for "
        "cross-site scripting attacks to hijack user sessions."
    )
    return message + rationale
# SESSION_COOKIE_HTTPONLY warnings. Each message ends with the shared
# rationale from add_httponly_message().

# 'plain.sessions' is installed, but the cookie is readable by scripts.
W013 = Warning(
    add_httponly_message(
        "You have 'plain.sessions' in your INSTALLED_PACKAGES, but you "
        "have not set SESSION_COOKIE_HTTPONLY to True."
    ),
    id="security.W013",
)

# SessionMiddleware is enabled, but the cookie is readable by scripts.
W014 = Warning(
    add_httponly_message(
        "You have 'plain.sessions.middleware.SessionMiddleware' in your "
        "MIDDLEWARE, but you have not set SESSION_COOKIE_HTTPONLY to True."
    ),
    id="security.W014",
)

# Generic form of the warning, without naming a package or middleware.
W015 = Warning(
    add_httponly_message(
        "SESSION_COOKIE_HTTPONLY is not set to True."
    ),
    id="security.W015",
)
@register(deploy=True)
def check_session_cookie_secure(package_configs, **kwargs):
    """Warn when sessions are in use without a secure-only session cookie.

    Returns an empty list when SESSION_COOKIE_SECURE is True, or when
    neither the sessions package nor its middleware is configured.
    Otherwise returns a one-element list: W010 (package only), W011
    (middleware only) or W012 (both).

    NOTE(review): registered with deploy=True; presumably this restricts
    the check to deployment preflight runs. Confirm against
    plain.preflight.
    """
    # Identity test on purpose: only the literal True passes. A truthy
    # non-bool value (1, "true") still produces the warning.
    if settings.SESSION_COOKIE_SECURE is True:
        return []

    app_installed = _session_app()
    middleware_enabled = _session_middleware()

    if app_installed and middleware_enabled:
        # Both triggers apply, so report the single generic warning.
        return [W012]
    if app_installed:
        return [W010]
    if middleware_enabled:
        return [W011]
    return []
@register(deploy=True)
def check_session_cookie_httponly(package_configs, **kwargs):
    """Warn when sessions are in use without an HttpOnly session cookie.

    Returns an empty list when SESSION_COOKIE_HTTPONLY is True, or when
    neither the sessions package nor its middleware is configured.
    Otherwise returns a one-element list: W013 (package only), W014
    (middleware only) or W015 (both).

    NOTE(review): registered with deploy=True; presumably this restricts
    the check to deployment preflight runs. Confirm against
    plain.preflight.
    """
    # Identity test on purpose: only the literal True passes. A truthy
    # non-bool value (1, "true") still produces the warning.
    if settings.SESSION_COOKIE_HTTPONLY is True:
        return []

    app_installed = _session_app()
    middleware_enabled = _session_middleware()

    if app_installed and middleware_enabled:
        # Both triggers apply, so report the single generic warning.
        return [W015]
    if app_installed:
        return [W013]
    if middleware_enabled:
        return [W014]
    return []
def _session_middleware():
    """Report whether the session middleware is listed in settings.MIDDLEWARE.

    This is an exact dotted-path match. A subclass or re-exported
    middleware registered under a different path is not detected, so the
    middleware-specific warnings will not fire for it.
    """
    middleware_path = "plain.sessions.middleware.SessionMiddleware"
    return middleware_path in settings.MIDDLEWARE
def _session_app():
    """Report whether 'plain.sessions' is listed in settings.INSTALLED_PACKAGES.

    This is an exact string match on the package label.
    """
    package_label = "plain.sessions"
    return package_label in settings.INSTALLED_PACKAGES