I am trying to initialize a requests.Session, to keep a connection with a webpage. However, I read that each time the session class is called, a new session is created.
How is it possible to keep the connection alive? Because with my current code, it's giving me the webpage content after I call the login method (that's OK, it shows that I logged into the page and gives me the content I want), but when I call the update method, it gives me the content from the login page again, not from the page I actually want after login.
import requests
class LoginLogout:
# creating session
def __init__(self):
self.s = requests.Session()
# login method
def login(self, user, password, server):
payload_data = {'user': user, 'pass': password, 'server': server}
print(self.s.post(LOGIN_LINK, payload_data))
# update method
def update(self, updt_link):
print(self.s.get(updt_link))
def logout(self):
response = self.s.get('...some webpage/user/logout...')
self.s.close()
print(response)
Here I am calling the objects:
if switch_parameter == "login":
login_var = LoginLogout()
login_var.login(USER, PASSWORD, SERVER)
print('IS IT OK ?', login_var.s.get('.../login...')) # <-OK it shows 200 result (but should I use there "s" too ?)
elif switch_parameter == "start":
start()
elif switch_parameter == "stop":
stop()
elif switch_parameter == "update":
update_prem = LoginLogout()
update_prem.update('...different/page...')
# (am I missing here "s" ?, or I shouldnt be using it here anyway)
elif switch_parameter == "logout":
logout()
else:
pass
What am I doing wrong here? I just want to use login to log into the website and keep the session active, while calling update every time I need to get another page. Am I even on the right track or completely wrong?
The whole point of requests.Session is to persist ephemeral constants (like cookies) between requests. In your code you initialize a new session object, when you initialize a LoginLogout object.
You do that here:
if switch_parameter == "login":
login_var = LoginLogout()
...
And you do that here:
elif switch_parameter == "update":
update_prem = LoginLogout()
...
Now login_var and update_prem are obviously different objects and both have the s attribute, each holding a different requests.Session object. How do you expect the attributes of one session to be magically available to the other?
If you want to use an existing session, use it. Don't create a new one.
I don't know about your actual use case of course, but from what you have presented here, it seems you need to do something like this:
scraper_obj = LoginLogout()
scraper_obj.login(USER, PASSWORD, SERVER)
...
scraper_obj.update('...')
...
scraper_obj.logout()
Since your created a wrapper around the actual requests.Session instance with LoginLogout, you should not ever need to deal with its s attribute directly, assuming you have methods on LoginLogout for every kind of request you want to make. You initialize it once and then use its methods to perform requests via its internal session object.
PS
You casually mentioned in a follow-up comment that you set this up as a script to be called repeatedly from the outside and depending on the parameter passed to the script, you want to either log into the site or scrape a specific page.
This shows that you either don't understand how "logging in" even works or that you don't understand how processes work. Typically some session attribute (e.g. cookie) is created on the client so that it can present it to the server to show that it is already authenticated. When using requests as an HTTP client library, this data is stored inside a requests.Session object.
When you call a Python script, you create a new process. Just because you start the same script twice in a row does not mean that one of those processes has any connection to the other. Calling the script to login once has absolutely no effect on what happens the next time you call that script to do something else. None of those earlier session attributes will be present in the second process. I hope this is clear now.
Application setup: Flask running in an eventlet WSGI using the default session
On the client side I am using jQuery to send POST requests to the server from within an asynchronous event handler:
function set_option(option, value) {
$.post('/api/options/' + option, {'value': value});
}
$('.option').change(function() {
var element_id = $(this).prop('id');
var value = $(this).val();
set_option(element_id, value);
});
On the server side I am adding the option and its value to the Flask session:
from flask import Flask, request, session
app = Flask(__name__)
[...]
#app.route('/api/options/<option>', methods=['POST'])
def set_option(option=None):
if request.method == 'POST' and option is not None:
option_value = request.form.get('value')
if option_value is not None:
session[option] = option_value
The above client side event handler can sometimes be called multiple times within a given moment. This appears to cause a race condition with the Flask session cookies. For example, if the event handler gets fired twice from two forced .change() calls on different elements the session then only ends up being modified according to the last POST request.
Let's say there are two elements being changed to the following values:
option_one='1234' and option_two='5678'
The Flask session already contains the following:
{'option_one': '0', 'option_two': '0'}
Two separate requests are sent to the Flask server respectively for each option. The first request sets the Flask session to:
{'option_one': '1234', 'option_two': '0'}
The second request sets the Flask session to:
{'option_one':'0', 'option_two': '5678'}
The session from the second request ends up replacing the session from the first request thus eliminating the desired value which was stored for option_one.
With this in mind, the session cookies do appear to update appropriately if the event handlers are called with a greater length of time between each call.
Is this behaviour of Flask and its session/cookies management to be expected when requests are made within a couple hundred milliseconds of each other?
Would server-side session management be a solution?
As Martijn and davidism pointed out, the session behaviour is a race condition and is to be expected.
The solution would be to store such data on the server and ensure modification conflicts are handled appropriately.
I am using Flask kvsession to avoid replay attacks, as the client side cookie based session used by Flask-login are prone to it.
Eg: If on /index page your cookie in the header is set for your app header like
myapp_session : 'value1'
and if you navigate to /important page you will get a new header like
myapp_session : 'value2' so if a hacker gets 'value1' he can perform replay attacks and misuse it, as it is never invalidated.
To solve this I am using flask-kvsession which stores the session cookie header value in a cache or some backend. SO basically only one myapp_session is generated and invalidated when you logout. But the problem is :-
__init__.py
from simplekv.memory.redisstore import RedisStore
import redis
store = RedisStore(redis.StrictRedis())
#store = memcache.Client(['127.0.0.1:11211'], debug =0)
store.ttl_support = True
app = create_app(__name__)
current_kvsession = KVSessionExtension(store, app)
If you look at the cleanup_session part of the code for kv-session
http://pythonhosted.org/Flask-KVSession/#flask_kvsession.KVSessionExtension.cleanup_sessions
It only deletes the expired sessions. But If I want to explicitly delete the value for the current myapp_session for a particular user on logout, how do I do that?
#app.before_request
def redirect_if_logout():
if request.path == url_for('logout'):
for key in app.kvsession_store.keys():
logger.debug(key)
m = current_kvsession.key_regex.match(key)
logger.debug('found %s', m)
app.kvsession_store.delete(key)
But this deletes all the keys as I don`t know what the unique key for the current session is.
Q2. Also, how to use memcache instead of redis as it doesn`t have the app.kvsession_store.keys() function and gives i/o error.
I think I just figured the 1st part of your question on how you can delete the specific key on logout.
As mentioned in the docs:
Internally, Flask-KVSession stores session ids that are serialized as
KEY_CREATED, where KEY is a random number (the sessions “true” id) and
CREATED a UNIX-timestamp of when the session was created.
Sample cookie value that gets created on client side (you can check with that cookie manager extenion for firefox):
c823af88aedaf496_571b3fd5.4kv9X8UvyQqtCtNV87jTxy3Zcqc
and session id stored in redis as key:
c823af88aedaf496_571b3fd5
So on logout handler, you just need to read the cookie value, split it and use the first part of the string:
Sample Code which worked for me:
import redis
from flask import Flask
from flask_kvsession import KVSessionExtension
from simplekv.memory.redisstore import RedisStore
store = RedisStore(redis.StrictRedis())
app = Flask(__name__)
KVSessionExtension(store, app)
#Logout Handler
#app.route('/logout', methods=['GET'])
def logout():
#here you are reading the cookie
cookie_val = request.cookies.get('session').split(".")[0]
store.delete(cookie_val)
and since you have added ttl_support:
store.ttl_support = True
It will match the TTL(seconds) value from permanent_session_lifetime, if you have set that in config file or in the beginning of your app.py file.
For example, in my application I have set in the beginning of app.py file as:
session.permanent = True
app.permanent_session_lifetime = timedelta(minutes=5)
now, when I logout, it deletes the key in redis but it will not be removed until TTL for that turns to 0 from 300 (5 Min as mentioned in permanent_session_lifetime value ).
If you want to remove it from redis immediately, for that you can manually change the app.permanent_session_lifetime to 1 second, which will in turn change TTL for redis.
import redis
import os
from flask import Flask
from flask_kvsession import KVSessionExtension
from simplekv.memory.redisstore import RedisStore
store = RedisStore(redis.StrictRedis())
app = Flask(__name__)
KVSessionExtension(store, app)
#Logout Handler
#app.route('/logout', methods=['GET'])
def logout():
cookie_val = request.cookies.get('session').split(".")[0]
app.permanent_session_lifetime = timedelta(seconds=1)
store.delete(cookie_val)
Using the above code, I was able to thwart session replay attacks.
and solution to your 2nd question:
3 possible mistakes that I can see are:
1: In the beginning of your code you have created:
store = RedisStore(redis.StrictRedis())
but in the loop you are using it as kvsession_store instead of just store:
app.kvsession_store.keys()
To use it without any errors/exceptions you can use it as store.keys() instead of app.store.keys():
from flask_kvsession import KVSessionExtension
from simplekv.memory.redisstore import RedisStore
store = RedisStore(redis.StrictRedis())
for key in store.keys():
print key
store.delete(key) is not deleting the all keys, you are running it inside the loop which is one by one deleting all keys.
I've been using the request/application context for some time without fully understanding how it works or why it was designed the way it was. What is the purpose of the "stack" when it comes to the request or application context? Are these two separate stacks, or are they both part of one stack? Is the request context pushed onto a stack, or is it a stack itself? Am I able to push/pop multiple contexts on top of eachother? If so, why would I want to do that?
Sorry for all the questions, but I'm still confused after reading the documentation for Request Context and Application Context.
Multiple Apps
The application context (and its purpose) is indeed confusing until you realize that Flask can have multiple apps. Imagine the situation where you want to have a single WSGI Python interpreter run multiple Flask application. We're not talking Blueprints here, we're talking entirely different Flask applications.
You might set this up similar to the Flask documentation section on "Application Dispatching" example:
from werkzeug.wsgi import DispatcherMiddleware
from frontend_app import application as frontend
from backend_app import application as backend
application = DispatcherMiddleware(frontend, {
'/backend': backend
})
Notice that there are two completely different Flask applications being created "frontend" and "backend". In other words, the Flask(...) application constructor has been called twice, creating two instances of a Flask application.
Contexts
When you are working with Flask, you often end up using global variables to access various functionality. For example, you probably have code that reads...
from flask import request
Then, during a view, you might use request to access the information of the current request. Obviously, request is not a normal global variable; in actuality, it is a context local value. In other words, there is some magic behind the scenes that says "when I call request.path, get the path attribute from the request object of the CURRENT request." Two different requests will have a different results for request.path.
In fact, even if you run Flask with multiple threads, Flask is smart enough to keep the request objects isolated. In doing so, it becomes possible for two threads, each handling a different request, to simultaneously call request.path and get the correct information for their respective requests.
Putting it Together
So we've already seen that Flask can handle multiple applications in the same interpreter, and also that because of the way that Flask allows you to use "context local" globals there must be some mechanism to determine what the "current" request is (in order to do things such as request.path).
Putting these ideas together, it should also make sense that Flask must have some way to determine what the "current" application is!
You probably also have code similar to the following:
from flask import url_for
Like our request example, the url_for function has logic that is dependent on the current environment. In this case, however, it is clear to see that the logic is heavily dependent on which app is considered the "current" app. In the frontend/backend example shown above, both the "frontend" and "backend" apps could have a "/login" route, and so url_for('/login') should return something different depending on if the view is handling the request for the frontend or backend app.
To answer your questions...
What is the purpose of the "stack" when it comes to the request or
application context?
From the Request Context docs:
Because the request context is internally maintained as a stack you
can push and pop multiple times. This is very handy to implement
things like internal redirects.
In other words, even though you typically will have 0 or 1 items on these stack of "current" requests or "current" applications, it is possible that you could have more.
The example given is where you would have your request return the results of an "internal redirect". Let's say a user requests A, but you want to return to the user B. In most cases, you issue a redirect to the user, and point the user to resource B, meaning the user will run a second request to fetch B. A slightly different way of handling this would be to do an internal redirect, which means that while processing A, Flask will make a new request to itself for resource B, and use the results of this second request as the results of the user's original request.
Are these two separate stacks, or are they both part of one stack?
They are two separate stacks. However, this is an implementation detail. What's more important is not so much that there is a stack, but the fact that at any time you can get the "current" app or request (top of the stack).
Is the request context pushed onto a stack, or is it a stack itself?
A "request context" is one item of the "request context stack". Similarly with the "app context" and "app context stack".
Am I able to push/pop multiple contexts on top of eachother? If so,
why would I want to do that?
In a Flask application, you typically would not do this. One example of where you might want to is for an internal redirect (described above). Even in that case, however, you would probably end up having Flask handle a new request, and so Flask would do all of the pushing/popping for you.
However, there are some cases where you'd want to manipulate the stack yourself.
Running code outside of a request
One typical problem people have is that they use the Flask-SQLAlchemy extension to set up a SQL database and model definition using code something like what is shown below...
app = Flask(__name__)
db = SQLAlchemy() # Initialize the Flask-SQLAlchemy extension object
db.init_app(app)
Then they use the app and db values in a script that should be run from the shell. For example, a "setup_tables.py" script...
from myapp import app, db
# Set up models
db.create_all()
In this case, the Flask-SQLAlchemy extension knows about the app application, but during create_all() it will throw an error complaining about there not being an application context. This error is justified; you never told Flask what application it should be dealing with when running the create_all method.
You might be wondering why you don't end up needing this with app.app_context() call when you run similar functions in your views. The reason is that Flask already handles the management of the application context for you when it is handling actual web requests. The problem really only comes up outside of these view functions (or other such callbacks), such as when using your models in a one-off script.
The resolution is to push the application context yourself, which can be done by doing...
from myapp import app, db
# Set up models
with app.app_context():
db.create_all()
This will push a new application context (using the application of app, remember there could be more than one application).
Testing
Another case where you would want to manipulate the stack is for testing. You could create a unit test that handles a request and you check the results:
import unittest
from flask import request
class MyTest(unittest.TestCase):
def test_thing(self):
with app.test_request_context('/?next=http://example.com/') as ctx:
# You can now view attributes on request context stack by using `request`.
# Now the request context stack is empty
Previous answers already give a nice overview of what goes on in the background of Flask during a request. If you haven't read it yet I recommend #MarkHildreth's answer prior to reading this. In short, a new context (thread) is created for each http request, which is why it's necessary to have a thread Local facility that allows objects such as request and g to be accessible globally across threads, while maintaining their request specific context. Furthermore, while processing an http request Flask can emulate additional requests from within, hence the necessity to store their respective context on a stack. Also, Flask allows multiple wsgi applications to run along each other within a single process, and more than one can be called to action during a request (each request creates a new application context), hence the need for a context stack for applications. That's a summary of what was covered in previous answers.
My goal now is to complement our current understanding by explaining how Flask and Werkzeug do what they do with these context locals. I simplified the code to enhance the understanding of its logic, but if you get this, you should be able to easily grasp most of what's in the actual source (werkzeug.local and flask.globals).
Let's first understand how Werkzeug implements thread Locals.
Local
When an http request comes in, it is processed within the context of a single thread. As an alternative mean to spawn a new context during an http request, Werkzeug also allows the use of greenlets (a sort of lighter "micro-threads") instead of normal threads. If you don't have greenlets installed it will revert to using threads instead. Each of these threads (or greenlets) are identifiable by a unique id, which you can retrieve with the module's get_ident() function. That function is the starting point to the magic behind having request, current_app,url_for, g, and other such context-bound global objects.
try:
from greenlet import get_ident
except ImportError:
from thread import get_ident
Now that we have our identity function we can know which thread we're on at any given time and we can create what's called a thread Local, a contextual object that can be accessed globally, but when you access its attributes they resolve to their value for that specific thread.
e.g.
# globally
local = Local()
# ...
# on thread 1
local.first_name = 'John'
# ...
# on thread 2
local.first_name = 'Debbie'
Both values are present on the globally accessible Local object at the same time, but accessing local.first_name within the context of thread 1 will give you 'John', whereas it will return 'Debbie' on thread 2.
How is that possible? Let's look at some (simplified) code:
class Local(object)
def __init__(self):
self.storage = {}
def __getattr__(self, name):
context_id = get_ident() # we get the current thread's or greenlet's id
contextual_storage = self.storage.setdefault(context_id, {})
try:
return contextual_storage[name]
except KeyError:
raise AttributeError(name)
def __setattr__(self, name, value):
context_id = get_ident()
contextual_storage = self.storage.setdefault(context_id, {})
contextual_storage[name] = value
def __release_local__(self):
context_id = get_ident()
self.storage.pop(context_id, None)
local = Local()
From the code above we can see that the magic boils down to get_ident() which identifies the current greenlet or thread. The Local storage then just uses that as a key to store any data contextual to the current thread.
You can have multiple Local objects per process and request, g, current_app and others could simply have been created like that. But that's not how it's done in Flask in which these are not technically Local objects, but more accurately LocalProxy objects. What's a LocalProxy?
LocalProxy
A LocalProxy is an object that queries a Local to find another object of interest (i.e. the object it proxies to). Let's take a look to understand:
class LocalProxy(object):
def __init__(self, local, name):
# `local` here is either an actual `Local` object, that can be used
# to find the object of interest, here identified by `name`, or it's
# a callable that can resolve to that proxied object
self.local = local
# `name` is an identifier that will be passed to the local to find the
# object of interest.
self.name = name
def _get_current_object(self):
# if `self.local` is truly a `Local` it means that it implements
# the `__release_local__()` method which, as its name implies, is
# normally used to release the local. We simply look for it here
# to identify which is actually a Local and which is rather just
# a callable:
if hasattr(self.local, '__release_local__'):
try:
return getattr(self.local, self.name)
except AttributeError:
raise RuntimeError('no object bound to %s' % self.name)
# if self.local is not actually a Local it must be a callable that
# would resolve to the object of interest.
return self.local(self.name)
# Now for the LocalProxy to perform its intended duties i.e. proxying
# to an underlying object located somewhere in a Local, we turn all magic
# methods into proxies for the same methods in the object of interest.
#property
def __dict__(self):
try:
return self._get_current_object().__dict__
except RuntimeError:
raise AttributeError('__dict__')
def __repr__(self):
try:
return repr(self._get_current_object())
except RuntimeError:
return '<%s unbound>' % self.__class__.__name__
def __bool__(self):
try:
return bool(self._get_current_object())
except RuntimeError:
return False
# ... etc etc ...
def __getattr__(self, name):
if name == '__members__':
return dir(self._get_current_object())
return getattr(self._get_current_object(), name)
def __setitem__(self, key, value):
self._get_current_object()[key] = value
def __delitem__(self, key):
del self._get_current_object()[key]
# ... and so on ...
__setattr__ = lambda x, n, v: setattr(x._get_current_object(), n, v)
__delattr__ = lambda x, n: delattr(x._get_current_object(), n)
__str__ = lambda x: str(x._get_current_object())
__lt__ = lambda x, o: x._get_current_object() < o
__le__ = lambda x, o: x._get_current_object() <= o
__eq__ = lambda x, o: x._get_current_object() == o
# ... and so forth ...
Now to create globally accessible proxies you would do
# this would happen some time near application start-up
local = Local()
request = LocalProxy(local, 'request')
g = LocalProxy(local, 'g')
and now some time early over the course of a request you would store some objects inside the local that the previously created proxies can access, no matter which thread we're on
# this would happen early during processing of an http request
local.request = RequestContext(http_environment)
local.g = SomeGeneralPurposeContainer()
The advantage of using LocalProxy as globally accessible objects rather than making them Locals themselves is that it simplifies their management. You only just need a single Local object to create many globally accessible proxies. At the end of the request, during cleanup, you simply release the one Local (i.e. you pop the context_id from its storage) and don't bother with the proxies, they're still globally accessible and still defer to the one Local to find their object of interest for subsequent http requests.
# this would happen some time near the end of request processing
release(local) # aka local.__release_local__()
To simplify the creation of a LocalProxy when we already have a Local, Werkzeug implements the Local.__call__() magic method as follows:
class Local(object):
# ...
# ... all same stuff as before go here ...
# ...
def __call__(self, name):
return LocalProxy(self, name)
# now you can do
local = Local()
request = local('request')
g = local('g')
However, if you look in the Flask source (flask.globals) that's still not how request, g, current_app and session are created. As we've established, Flask can spawn multiple "fake" requests (from a single true http request) and in the process also push multiple application contexts. This isn't a common use-case, but it's a capability of the framework. Since these "concurrent" requests and apps are still limited to run with only one having the "focus" at any time, it makes sense to use a stack for their respective context. Whenever a new request is spawned or one of the applications is called, they push their context at the top of their respective stack. Flask uses LocalStack objects for this purpose. When they conclude their business they pop the context out of the stack.
LocalStack
This is what a LocalStack looks like (again the code is simplified to facilitate understanding of its logic).
class LocalStack(object):
def __init__(self):
self.local = Local()
def push(self, obj):
"""Pushes a new item to the stack"""
rv = getattr(self.local, 'stack', None)
if rv is None:
self.local.stack = rv = []
rv.append(obj)
return rv
def pop(self):
"""Removes the topmost item from the stack, will return the
old value or `None` if the stack was already empty.
"""
stack = getattr(self.local, 'stack', None)
if stack is None:
return None
elif len(stack) == 1:
release_local(self.local) # this simply releases the local
return stack[-1]
else:
return stack.pop()
#property
def top(self):
"""The topmost item on the stack. If the stack is empty,
`None` is returned.
"""
try:
return self.local.stack[-1]
except (AttributeError, IndexError):
return None
Note from the above that a LocalStack is a stack stored in a local, not a bunch of locals stored on a stack. This implies that although the stack is globally accessible it's a different stack in each thread.
Flask doesn't have its request, current_app, g, and session objects resolving directly to a LocalStack, it rather uses LocalProxy objects that wrap a lookup function (instead of a Local object) that will find the underlying object from the LocalStack:
_request_ctx_stack = LocalStack()
def _find_request():
top = _request_ctx_stack.top
if top is None:
raise RuntimeError('working outside of request context')
return top.request
request = LocalProxy(_find_request)
def _find_session():
top = _request_ctx_stack.top
if top is None:
raise RuntimeError('working outside of request context')
return top.session
session = LocalProxy(_find_session)
_app_ctx_stack = LocalStack()
def _find_g():
top = _app_ctx_stack.top
if top is None:
raise RuntimeError('working outside of application context')
return top.g
g = LocalProxy(_find_g)
def _find_app():
top = _app_ctx_stack.top
if top is None:
raise RuntimeError('working outside of application context')
return top.app
current_app = LocalProxy(_find_app)
All these are declared at application start-up, but do not actually resolve to anything until a request context or application context is pushed to their respective stack.
If you're curious to see how a context is actually inserted in the stack (and subsequently popped out), look in flask.app.Flask.wsgi_app() which is the point of entry of the wsgi app (i.e. what the web server calls and pass the http environment to when a request comes in), and follow the creation of the RequestContext object all through its subsequent push() into _request_ctx_stack. Once pushed at the top of the stack, it's accessible via _request_ctx_stack.top. Here's some abbreviated code to demonstrate the flow:
So you start an app and make it available to the WSGI server...
app = Flask(*config, **kwconfig)
# ...
Later an http request comes in and the WSGI server calls the app with the usual params...
app(environ, start_response) # aka app.__call__(environ, start_response)
This is roughly what happens in the app...
def Flask(object):
# ...
def __call__(self, environ, start_response):
return self.wsgi_app(environ, start_response)
def wsgi_app(self, environ, start_response):
ctx = RequestContext(self, environ)
ctx.push()
try:
# process the request here
# raise error if any
# return Response
finally:
ctx.pop()
# ...
and this is roughly what happens with RequestContext...
class RequestContext(object):
def __init__(self, app, environ, request=None):
self.app = app
if request is None:
request = app.request_class(environ)
self.request = request
self.url_adapter = app.create_url_adapter(self.request)
self.session = self.app.open_session(self.request)
if self.session is None:
self.session = self.app.make_null_session()
self.flashes = None
def push(self):
_request_ctx_stack.push(self)
def pop(self):
_request_ctx_stack.pop()
Say a request has finished initializing, the lookup for request.path from one of your view functions would therefore go as follow:
start from the globally accessible LocalProxy object request.
to find its underlying object of interest (the object it's proxying to) it calls its lookup function _find_request() (the function it registered as its self.local).
that function queries the LocalStack object _request_ctx_stack for the top context on the stack.
to find the top context, the LocalStack object first queries its inner Local attribute (self.local) for the stack property that was previously stored there.
from the stack it gets the top context
and top.request is thus resolved as the underlying object of interest.
from that object we get the path attribute
So we've seen how Local, LocalProxy, and LocalStack work, now think for a moment of the implications and nuances in retrieving the path from:
a request object that would be a simple globally accessible object.
a request object that would be a local.
a request object stored as an attribute of a local.
a request object that is a proxy to an object stored in a local.
a request object stored on a stack, that is in turn stored in a local.
a request object that is a proxy to an object on a stack stored in a local. <- this is what Flask does.
Little addition #Mark Hildreth's answer.
Context stack look like {thread.get_ident(): []}, where [] called "stack" because used only append (push), pop and [-1] (__getitem__(-1)) operations. So context stack will keep actual data for thread or greenlet thread.
current_app, g, request, session and etc is LocalProxy object which just overrided special methods __getattr__, __getitem__, __call__, __eq__ and etc. and return value from context stack top ([-1]) by argument name (current_app, request for example).
LocalProxy needed to import this objects once and they will not miss actuality. So better just import request where ever you are in code instead play with sending request argument down to you functions and methods. You can easy write own extensions with it, but do not forget that frivolous usage can make code more difficult for understanding.
Spend time to understand https://github.com/mitsuhiko/werkzeug/blob/master/werkzeug/local.py.
So how populated both stacks? On request Flask:
create request_context by environment (init map_adapter, match path)
enter or push this request:
clear previous request_context
create app_context if it missed and pushed to application context stack
this request pushed to request context stack
init session if it missed
dispatch request
clear request and pop it from stack
Lets take one example , suppose you want to set a usercontext (using flask construct of Local and LocalProxy).
Define one User class :
class User(object):
def __init__(self):
self.userid = None
define a function to retrive user object inside current thread or greenlet
def get_user(_local):
try:
# get user object in current thread or greenlet
return _local.user
except AttributeError:
# if user object is not set in current thread ,set empty user object
_local.user = User()
return _local.user
Now define a LocalProxy
usercontext = LocalProxy(partial(get_user, Local()))
Now to get userid of user in current thread
usercontext.userid
explanation :
Local has a dict of identity and object. Identity is a threadid or greenlet id. In this example, _local.user = User() is eqivalent to _local.___storage__[current thread's id] ["user"] = User()
LocalProxy delegates operation to wrapped up Local object or you can provide a function that returns target object. In above example get_user function provides current user object to LocalProxy, and when you ask for current user's userid by usercontext.userid, LocalProxy's __getattr__ function first calls get_user to get User object (user) and then calls getattr(user,"userid"). To set userid on User (in current thread or greenlet) you simply do : usercontext.userid = "user_123"