FastAPI Sessions

0.3.2 verified Mon Apr 27 auth: no python maintenance

A ready-to-use session library for FastAPI, providing customizable frontends, verifiers, and backends. Current version 0.3.2, released 2023 as maintenance mode; no active development.

pip install fastapi-sessions

Common errors

error AttributeError: module 'fastapi_sessions' has no attribute 'SessionManager' ↓

cause Incorrect import path; tried to import from a wrong module.

fix

Use from fastapi_sessions import SessionManager (not import fastapi_sessions).

error ImportError: cannot import name 'InMemoryBackend' from 'fastapi_sessions.backends' ↓

cause Trying to import InMemoryBackend from the package's top-level backends module instead of the submodule.

fix

Use from fastapi_sessions.backends.in_memory import InMemoryBackend.

error TypeError: object SessionFrontend can't be used in 'await' expression ↓

cause Trying to call session methods without awaiting them.

fix

Ensure all manager methods (create_session, get_session, etc.) are awaited: e.g., await manager.create_session(...).

Warnings

deprecated Library is in maintenance mode; no active development or bug fixes are expected. Consider alternatives like session-based auth with Starlette's built-in session middleware. ↓

fix Migrate to Starlette's SessionMiddleware from starlette.middleware.sessions.

gotcha The default in-memory backend is not suitable for production; sessions are lost on server restart. Use a persistent backend like RedisBackend (from fastapi_sessions.backends.redis). ↓

fix Configure a production-ready backend: `from fastapi_sessions.backends.redis import RedisBackend` and provide a Redis connection.

breaking Version 0.3.0 introduced a breaking rewrite: the API changed from a single SessionManager to customizable Frontend and Verifier components. Older code using SessionManager directly without frontends will break. ↓

fix Adjust imports and instantiation to include a frontend and verifier as per the new documentation.

Imports

SessionManager

wrong

from fastapi_sessions.session import SessionManager

correct

from fastapi_sessions import SessionManager

Wrong path: the main module is fastapi_sessions, not a submodule.

SessionBackend

wrong

from fastapi_sessions.backend import SessionBackend

correct

from fastapi_sessions.backends import SessionBackend

Wrong import: the module is 'backends' (plural), not 'backend'.

InMemoryBackend

wrong

from fastapi_sessions.backends import InMemoryBackend

correct

from fastapi_sessions.backends.in_memory import InMemoryBackend

InMemoryBackend is not exported from the backends package directly; import from the submodule.

Quickstart

Minimal example: create a session on login, retrieve it on a protected endpoint.

from fastapi import FastAPI, HTTPException
from fastapi_sessions import SessionManager
from fastapi_sessions.backends.in_memory import InMemoryBackend
from fastapi_sessions.frontends import SessionFrontend

app = FastAPI()
backend = InMemoryBackend()
frontend = SessionFrontend(secret_key="my-secret-key")
manager = SessionManager(backend=backend, frontend=frontend)

@app.post("/login")
async def login(username: str):
    session_id = await manager.create_session(data={"user": username})
    return {"session_id": session_id}

@app.get("/me")
async def get_me(session_id: str):
    session = await manager.get_session(session_id)
    if not session:
        raise HTTPException(status_code=401, detail="Invalid session")
    return session.data