Sessions — Aquilia Documentation
Comprehensive guide and documentation for Sessions in the Aquilia framework. View API reference, examples, and implementation patterns.
MIDDLEWARE / SESSIONS Session Middleware The SessionMiddleware orchestrates session state lifecycle binding per request. It handles token detection, DI container registration, user privilege rotation, and persistence sync. Session Lifecycle Stages During request processing, the session middleware executes the following stages: 1. Session Resolution Extracts the session identifier using the transport backend, loads the session state from store (e.g. Memory, Redis), and validates integrity. 2. State Binding Stores the session in request.state["session"] and ctx.session, and registers the class Session inside the request-scoped DI container. 3. Concurrency Checks If the session is authenticated, verifies active session counts against policy limits (evicting older sessions or blocking the login). 4. Privilege Change & Rotation Tracks changes in authentication states during controller execution. If a login or logout occurs, the middleware triggers session identifier rotation to defend against session fixation attacks. 5. Commit & Sync Saves updated variables to the session store and appends updated transport cookies/headers to the outgoing response. Wiring Session Middleware from aquilia.sessions import SessionEngine, MemoryStore, CookieTransport, SessionPolicy from aquilia.middleware_ext import SessionMiddleware, create_session_middleware engine = SessionEngine( policy=SessionPolicy(max_age=3600), store=MemoryStore(), transport=CookieTransport() ) # Option A: Direct registration server.middleware(SessionMiddleware(session_engine=engine)) # Option B: Optional session middleware (gracefully handles missing engine) server.middleware(create_session_middleware(session_engine=engine, optional=True)) Request Scope )
Go to Homepage