flask • python • session cookie

Flask session cookie manager

What is a good way to test a flask web application routes/page that requires a user to login first? In my opinion there is two ways of doing it.

  1. do a setup and teardown where you login and logout after each test
  2. Inject session cookie for all request (This will help speed up the test suite you have, because you don’t have to set the login/logout at the beginning and the end of test)

Below is a simple python script to deal with Flask session cookie

What you will need the:

  1. flask app secret key (for encoding)
  2. the session cookie structure/data for (decoding/encoding)

How to use the python script:

  1. Use the session_cookie_decoder to get session cookie data/structure python session_cookie_manager.py <decode> <session_cookie_value>
  2. Use the session_cookie_encoder to setup a stub/mock session cookie data python session_cookie_manager.py <encode> <secret_key> <session_cookie_structure>

session_cookie_manager.py

""" Flask Session Cookie Decoder/Encoder """ __author__ = 'Wilson Sumanang' # standard imports import sys import zlib from itsdangerous import base64_decode # external Imports from flask.sessions import SecureCookieSessionInterface class MockApp(object): def __init__(self, secret_key): self.secret_key = secret_key def session_cookie_encoder(secret_key, session_cookie_structure): """ Encode a Flask session cookie  Example:  cookie_structure = dict( 	gplus_id = 1285135705050360459231,  email = john.doe@gmail.com,  user_info = dict(  full_name = john doe,  )  )  session_cookie_encoder(b'development key', cookie_structure)  Args:  secret_key (string): Flask App secret key  session_cookie_structure (dict): Flask session cookie structure  Return:  value (string): Flask session cookie  """ try: app = MockApp(secret_key) session_cookie_structure = dict() si = SecureCookieSessionInterface() s = si.get_signing_serializer(app) return s.dumps(session_cookie_structure) except Exception as e: return "[Encoding error]{}".format(e) def session_cookie_decoder(session_cookie_value): """ Decode a Flask cookie  Args:  session_cookie_value (string): Flask session cookie to decode  """ try: compressed = False payload = session_cookie_values if payload.startswith(b'.'): compressed = True payload = payload[1:] data = payload.split(".")[0] data = base64_decode(data) if compressed: data = zlib.decompress(data) return data except Exception as e: return "[Decoding error]{}".format(e) if __name__ == "__main__": encoder_guide = "Usage: session_cookie_manager.py <encode> <secret_key> <session_cookie_structure>" decoder_guide = "Usage: session_cookie_manager.py <decode> <session_cookie_value>" print sys.argv if len(sys.argv) == 3: status, session_cookie_value = sys.argv[1:] if status.lower() == 'decode': print session_cookie_decoder(session_cookie_value) else: print decoder_guide sys.exit(1) elif len(sys.argv) == 4: status, secret_key, session_cookie_structure = sys.argv[1:] if status.lower() == 'encode': print session_cookie_encoder(secret_key, session_cookie_structure) sys.exit(1) else: print encoder_guide else: print decoder_guide print encoder_guide sys.exit(1)

By default Flask uses URL-safe signed serializer called itsdangerous to encoded its client-side session cookie. A flask app uses a secret key to sign the session cookie so that the client can’t modify it.1

  1. https://www.kirsle.net/wizards/flask-session.py