Middleware

class nginx_ldap_auth.app.middleware.SessionMiddleware(app: Callable[[MutableMapping[str, Any], Callable[[], Awaitable[MutableMapping[str, Any]]], Callable[[MutableMapping[str, Any]], Awaitable[None]]], Awaitable[None]], store: SessionStore, lifetime: int | timedelta = 0, rolling: bool = False, cookie_name: str = 'session', cookie_same_site: str = 'lax', cookie_https_only: bool = True, cookie_domain: str | None = None, cookie_path: str | None = None, serializer: Serializer | None = None)[source]

Bases: SessionMiddleware

Override the starsession.SessionMiddleware to allow us to set the cookie name and domain via the X-Cookie-Name and X-Cookie-Domain headers, respectively. If those headers are not present, the values from the constructor are used.

We need this so that we can set the cookie name and domain dynamically based on the request. This is necessary because we may have multiple nginx severs that use a single nginx_ldap_auth server for authentication.

Note

Unfortunately, the :py:meth:__call__ method is monolithic in the superclass, so we have to re-implement it here in is entirety to do what we want to do.

COOKIE_NAME_HEADER: Final[str] = 'X-Cookie-Name'

COOKIE_DOMAIN_HEADER: Final[str] = 'X-Cookie-Domain'