Random   •   Archives   •   RSS   •   About   •   Contact

Sharing a Pyramid cookie with Flask or Tornado

Do you have a Pyramid application which authenticates users and uses a signed cookie as a session? Do you want to build a microservice using another framework and allow it to use the same cookie and session? Me too!

First we will review a bit of Pyramid code which describes the cookie session.

Teach Tornado how to read Pyramid cookies

In this section I'll show you how to access and deserialize the Pyramid cookie from a Tornado application.

To do this, I'm going to extend the Tornado Hello, world application:

import tornado.ioloop
import tornado.web

class MainHandler(tornado.web.RequestHandler):
    def get(self):
        self.write("Hello, world")

def make_app():
    return tornado.web.Application([
        (r"/", MainHandler),
    ])

if __name__ == "__main__":
    app = make_app()
    app.listen(8888)
    tornado.ioloop.IOLoop.current().start()

This is a simple application which listens to port 8888 and serves the text Hello, world when / is requested.

Add the following imports:

# accessing Pyramid cookies.
from webob.cookies import SignedSerializer
from pyramid.session import PickleSerializer
from pyramid.compat import bytes_

For testing purposes, create a global serializer object:

# http://docs.webob.org/en/stable/api/cookies.html#webob.cookies.SignedSerializer
serializer = SignedSerializer(secret='test-secret', salt='pyramid.session.', serializer=PickleSerializer())

Adjust the get method in the MainHandler to look like this:

def get(self):
    raw_cookie = self.get_cookie('session', None)
    if raw_cookie is not None:
        session_data = serializer.loads(bytes_(raw_cookie))
        self.write(str(session_data))
        self.write(str("<br/>"))
    self.write("Hello, world")

The complete program follows:

import tornado.ioloop
import tornado.web

# accessing Pyramid cookies.
from webob.cookies import SignedSerializer
from pyramid.session import PickleSerializer
from pyramid.compat import bytes_

# http://docs.webob.org/en/stable/api/cookies.html#webob.cookies.SignedSerializer
serializer = SignedSerializer(secret='test-secret', salt='pyramid.session.', serializer=PickleSerializer())

class MainHandler(tornado.web.RequestHandler):
    def get(self):
        raw_cookie = self.get_cookie('session', None)
        if raw_cookie is not None:
            session_data = serializer.loads(bytes_(raw_cookie))
            self.write(str(session_data))
            self.write(str("<br/>"))
        self.write("Hello, world")


def make_app():
    return tornado.web.Application([
        (r"/", MainHandler),
    ])

if __name__ == "__main__":
    app = make_app()
    app.listen(8888)
    tornado.ioloop.IOLoop.current().start()

Again, we are hardcoding the same secret. If you set everything up properly, loading http://127.0.0.1:8888 in a web browser should print the cookie session_data in plain-text.

In my testing, I saw my cookie and it looked like this:

(1479520270, 1479516714.062414, {'authenticated_user_id': 5, 'nodes_pending_verify': []})
Hello, world

Thats all for now, let me know what you think in the comments!



© Russell Ballestrini.