Policies — Aquilia Documentation
Comprehensive guide and documentation for Policies in the Aquilia framework. View API reference, examples, and implementation patterns.
Sessions / Policies Session Policies A SessionPolicy defines the rules that govern session lifetimes, timeouts, rotation, concurrency, persistence, and network transport details. SessionPolicy Data Class The policy is constructed using three sub-policies: PersistencePolicy , ConcurrencyPolicy , and TransportPolicy . from datetime import timedelta from aquilia.sessions import SessionPolicy, PersistencePolicy, ConcurrencyPolicy, TransportPolicy policy = SessionPolicy( name="web", ttl=timedelta(hours=2), idle_timeout=timedelta(minutes=30), absolute_timeout=timedelta(hours=12), rotate_on_use=False, rotate_on_privilege_change=True, fingerprint_binding=True, scope="user", # Sub-policies persistence=PersistencePolicy( enabled=True, store_name="default", write_through=True, compress=False, ), concurrency=ConcurrencyPolicy( max_sessions_per_principal=5, behavior_on_limit="evict_oldest", # "reject" | "evict_oldest" | "evict_all" ), transport=TransportPolicy( adapter="cookie", cookie_name="aquilia_session", cookie_httponly=True, cookie_secure=True, cookie_samesite="lax", cookie_path="/", header_name="X-Session-ID", ), ) SessionPolicyBuilder (Fluent Interface) Use the fluent builder SessionPolicyBuilder to construct policies. Important: Call preset defaults first (such as .web_defaults() or .admin_defaults()), then chain your overrides. Calling presets at the end of the chain will override your custom values. from aquilia.sessions import SessionPolicyBuilder # Web application policy (Web defaults, custom TTL overrides) web_policy = ( SessionPolicyBuilder() .web_defaults() # Loads web defaults first .lasting(hours=2) # Then overrides lasting TTL .idle_timeout(minutes=30) .build() ) # API token policy (Header transport defaults, extended lasting time) api_policy = ( SessionPolicyBuilder() .api_defaults() # Loads API defaults first .lasting(hours=24) # Customize afterward .build() ) # Admin policy (Strict single-session limit, rotated on use, fingerprint bound) admin_policy = ( SessionPolicyBuilder() .admin_defaults() # Setup strict admin defaults first .lasting(hours=8) # Customize properties next .idle_timeout(minutes=15) .absolute_timeout(hours=12) .rotating_on_use() .with_fingerprint_binding() .max_concurrent(1) .build() ) Builder Methods Reference Method Description ))} Built-in Policy Presets Aquilia exports pre-configured policies to handle standard development, API, and administrative session constraints: from aquilia.sessions.policy import ( DEFAULT_USER_POLICY, # 7d TTL, 30m idle, cookie transport, max 5 concurrent API_TOKEN_POLICY, # 1h TTL, no idle, header transport ("X-API-Token") EPHEMERAL_POLICY, # Request-scoped, persistence disabled, cookie transport ADMIN_POLICY, # 8h TTL, 15m idle, 12h absolute, fingerprint, max 1 concurrent ) )
Go to Homepage