$9
Session Manager
Secure session management with signed cookies, fingerprinting, sliding expiration, and CSRF protection.
JSON, Markdown, Python, Redis
📁 File Structure (9 files)
```
session-manager/
├── LICENSE
├── README.md
├── examples/
│   └── config.example.json
├── free-sample.zip
├── guide/
│   ├── 01_session-manager.md
│   ├── 02_features.md
│   └── 03_quick-start.md
├── index.html
└── src/
    └── main.py
```
📖 Documentation Preview README excerpt
Session Manager
Secure session management with signed cookies, fingerprinting, sliding expiration, concurrent limits, and CSRF protection. Zero dependencies.
Part of the Auth Vault toolkit by [CodeVault](https://codevault.dev).
Features
- HMAC-signed session cookies — tamper-evident: a cookie modified on the client fails signature verification
- In-memory store with Redis-compatible interface
- Automatic session expiration with background cleanup
- Sliding expiration: TTL resets on each request
- Session fingerprinting: bind sessions to IP + User-Agent
- Concurrent session limits: max N active sessions per user
- CSRF token generation and validation
- CLI tool for session creation, validation, and management
- Zero dependencies — Python stdlib only
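How the signed-cookie, fingerprinting and sliding-expiration features above fit together, as an added stdlib-only example. It is not the product's `src/main.py`; the names `create`, `validate`, `STORE`, the `<id>.<hmac>` cookie layout and the SHA-256 fingerprint are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: per-process key for the demo
TTL = 3600                        # assumption: 1 hour of allowed inactivity
STORE = {}                        # session_id -> {"user", "fp", "expires"}


def _sign(session_id):
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _fingerprint(ip, user_agent):
    return hashlib.sha256(f"{ip}\n{user_agent}".encode()).hexdigest()


def create(user, ip, user_agent, now=None):
    """Store a session and return the cookie value '<id>.<hmac>'."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)  # alphabet has no '.', so the split is unambiguous
    STORE[sid] = {"user": user, "fp": _fingerprint(ip, user_agent),
                  "expires": now + TTL}
    return f"{sid}.{_sign(sid)}"


def validate(cookie, ip, user_agent, now=None):
    """Return the session dict, or None if any check fails."""
    now = time.time() if now is None else now
    sid, sep, sig = cookie.rpartition(".")
    # Verify the signature first, in constant time; comparing bytes also
    # avoids a TypeError on non-ASCII cookie input.
    if not sep or not hmac.compare_digest(sig.encode(), _sign(sid).encode()):
        return None
    session = STORE.get(sid)
    if session is None:
        return None
    if now >= session["expires"]:
        del STORE[sid]               # expired: drop it from the store
        return None
    if not hmac.compare_digest(session["fp"], _fingerprint(ip, user_agent)):
        return None                  # IP or User-Agent changed
    session["expires"] = now + TTL   # sliding expiration
    return session
```

Binding to the client IP means a legitimate user whose address changes mid-session (mobile networks, VPN reconnects) is rejected and has to log in again.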
Quick Start
```bash
# Create a new session
python3 src/main.py create --user user123 --ip 192.168.1.1

# Validate a session
python3 src/main.py validate --session-id abc123...

# List active sessions for a user
python3 src/main.py list --user user123

# Destroy a session
python3 src/main.py destroy --session-id abc123...

# Start demo HTTP server with session middleware
python3 src/main.py serve --port 8000
```
Using as a Library
```python
from main import SessionManager

sm = SessionManager(
    signing_secret="your-secret-min-32-chars!",
    ttl_seconds=86400,
    max_concurrent=5,
)

# Create a session
session_id, cookie_value = sm.create(
    user_id="user123",
    ip_address="192.168.1.1",
    user_agent="Mozilla/5.0...",
)

# Validate a session (returns session data or None)
session = sm.validate(cookie_value, ip_address="192.168.1.1")
if session:
    print(f"User: {session.user_id}")
    print(f"CSRF token: {session.csrf_token}")
```
*... continues with setup instructions, usage examples, and more.*
📄 Code Sample .py preview
src/main.py
```python
#!/usr/bin/env python3
"""
Session Manager — Secure Sessions with Fingerprinting & Expiry
===============================================================

A production-ready session management system with secure cookie
generation, device fingerprinting, sliding expiration, concurrent
session limits, and a Redis-compatible in-memory store.

Why build your own? Because Flask-Session and Django sessions are
framework-locked. This implementation works anywhere — CLI tools,
microservices, custom HTTP servers — with zero dependencies.

Zero dependencies. Import or run as CLI.

Part of the Auth Vault toolkit by DataNest.
License: MIT
"""

from __future__ import annotations

import hashlib
import hmac
import json
import logging
import os
import secrets
import threading
import time
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone, timedelta
from http.server import HTTPServer, BaseHTTPRequestHandler
from pathlib import Path
from typing import Any

# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------

STORAGE_FILE = Path("./sessions.json")
DEFAULT_HOST = "0.0.0.0"  # listens on all network interfaces
DEFAULT_PORT = 8082
SESSION_TTL = 3600  # 1 hour default
MAX_SESSIONS_PER_USER = 5  # Concurrent session limit
COOKIE_NAME = "sid"
# If SESSION_SECRET is not set, the fallback below is random per process,
# so cookies signed before a restart no longer verify afterwards.
SIGNING_SECRET = os.environ.get("SESSION_SECRET", "CHANGE_ME_" + secrets.token_hex(16))

logging.basicConfig(
    level=logging.INFO,
    format="%(asctime)s [%(levelname)s] %(message)s",
# ... 429 more lines ...
```