← Back to all products

Session Manager

$9

Secure session management with signed cookies, fingerprinting, sliding expiration, and CSRF protection.

📁 9 files
JSONMarkdownPythonRedis

📄 Product Preview

Try the interactive reader and demo tools below, or get the full product with all content unlocked.

📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample

📁 File Structure 9 files

session-manager/ ├── LICENSE ├── README.md ├── examples/ │ └── config.example.json ├── free-sample.zip ├── guide/ │ ├── 01_session-manager.md │ ├── 02_features.md │ └── 03_quick-start.md ├── index.html └── src/ └── main.py

📖 Documentation Preview README excerpt

Session Manager

Secure session management with signed cookies, fingerprinting, sliding expiration, concurrent limits, and CSRF protection. Zero dependencies.

Part of the Auth Vault toolkit by [CodeVault](https://codevault.dev).

Features

  • HMAC-signed session cookies — tamper-proof, no client-side manipulation
  • In-memory store with Redis-compatible interface
  • Automatic session expiration with background cleanup
  • Sliding expiration: TTL resets on each request
  • Session fingerprinting: bind sessions to IP + User-Agent
  • Concurrent session limits: max N active sessions per user
  • CSRF token generation and validation
  • CLI tool for session creation, validation, and management
  • Zero dependencies — Python stdlib only

Quick Start


# Create a new session
python3 src/main.py create --user user123 --ip 192.168.1.1

# Validate a session
python3 src/main.py validate --session-id abc123...

# List active sessions for a user
python3 src/main.py list --user user123

# Destroy a session
python3 src/main.py destroy --session-id abc123...

# Start demo HTTP server with session middleware
python3 src/main.py serve --port 8000

Using as a Library


from main import SessionManager

sm = SessionManager(
    signing_secret="your-secret-min-32-chars!",
    ttl_seconds=86400,
    max_concurrent=5,
)

# Create a session
session_id, cookie_value = sm.create(
    user_id="user123",
    ip_address="192.168.1.1",
    user_agent="Mozilla/5.0...",
)

# Validate a session (returns session data or None)
session = sm.validate(cookie_value, ip_address="192.168.1.1")
if session:
    print(f"User: {session.user_id}")
    print(f"CSRF token: {session.csrf_token}")

*... continues with setup instructions, usage examples, and more.*

📄 Code Sample .py preview

src/main.py #!/usr/bin/env python3 """ Session Manager — Secure Sessions with Fingerprinting & Expiry =============================================================== A production-ready session management system with secure cookie generation, device fingerprinting, sliding expiration, concurrent session limits, and a Redis-compatible in-memory store. Why build your own? Because Flask-Session and Django sessions are framework-locked. This implementation works anywhere — CLI tools, microservices, custom HTTP servers — with zero dependencies. Zero dependencies. Import or run as CLI. Part of the Auth Vault toolkit by DataNest. License: MIT """ from __future__ import annotations import hashlib import hmac import json import logging import os import secrets import threading import time from dataclasses import dataclass, field, asdict from datetime import datetime, timezone, timedelta from http.server import HTTPServer, BaseHTTPRequestHandler from pathlib import Path from typing import Any # --------------------------------------------------------------------------- # Configuration # --------------------------------------------------------------------------- STORAGE_FILE = Path("./sessions.json") DEFAULT_HOST = "0.0.0.0" DEFAULT_PORT = 8082 SESSION_TTL = 3600 # 1 hour default MAX_SESSIONS_PER_USER = 5 # Concurrent session limit COOKIE_NAME = "sid" SIGNING_SECRET = os.environ.get("SESSION_SECRET", "CHANGE_ME_" + secrets.token_hex(16)) logging.basicConfig( level=logging.INFO, format="%(asctime)s [%(levelname)s] %(message)s", # ... 429 more lines ...
Buy Now — $9 Back to Products