Metadata-Version: 2.3
Name: tornado-auth-sessions
Version: 0.0.2
Summary: 
Author: joegasewicz
Author-email: joegasewicz@gmail.com
Requires-Python: >=3.13
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.13
Requires-Dist: redis (>=5.0)
Requires-Dist: tornado (>=6.0)
Description-Content-Type: text/markdown

# Tornado Auth Sessions

Simple, secure Redis-backed session mixin for Tornado.

## Installation

```bash
pip install tornado-redis-sessions
```
---

## Setup

Configure Redis via Tornado application settings:

```python
import tornado.web

app = tornado.web.Application(
    handlers,
    redis_host={
        "host": "localhost",
        "port": 6379,
        "db": 0,
        "password": None,
        "decode_responses": True,
    },
    cookie_secret="YOUR_SECRET_KEY",
)
```

---

## Usage

Create a base handler:
```python
import tornado
from tornado_redis_sessions import TornadoSessionsMixin


class BaseHandler(
    TornadoSessionsMixin,
    tornado.web.RequestHandler,
):
    pass 
```

---

## Example
### Login

```python
class LoginHandler(BaseHandler):
    def post(self):
        # authenticate user...
        self.set_session(user.id)
        self.redirect("/dashboard")
```

### Protected route

```python
class DashboardHandler(BaseHandler):
    def get(self):
        user_id = self.get_session()
        if not user_id:
            self.redirect("/login")
            return

        self.write(f"Welcome user {user_id}") 
```

### Logout

```python
class LogoutHandler(BaseHandler):
    def post(self):
        self.remove_session(user.id)
        self.redirect("/")
```

---

## Security notes
- Uses Tornado set_secure_cookie (signed, tamper-proof)
- Always use HTTPS in production
- Set secure=True for cookies
- Use strong cookie_secret
- Pair with CSRF protection for forms
