Testing webapp2 sessions with WebTest

I spent some time today figuring out how to test webapp2 sessions with WebTest.

You can do this by setting the Cookie HTTP header when you make the test request. The trick is figuring out what the value should be. In webapp2_extras, the default session type is a secure cookie produced by webapp2_extras.securecookie.SecureCookieSerializer. When you go through all the rigamarole of managing the session, you end up with a header like this:

Set-Cookie: session=<secure stuff>; Path=/

And the browser sends back:

Cookie: session=<secure stuff>

So that is what we need to send in the test.

First, create the SecureCookieSerializer with the same secret that your application uses.

from webapp2_extras.securecookie import SecureCookieSerializer

secure_cookie_serializer = SecureCookieSerializer('totally secret')

Now you can use it in your tests:

def test_something_that_uses_the_session(self):
  session = {'key': 'value'}
  serialized = secure_cookie_serializer.serialize('session', session)
  headers = {'Cookie': 'session=%s' % serialized}

  response = self.get("/", headers=headers)

  self.assertOK(response)

SecureCookieSerializer encodes the name of the cookie key as well as the value in its HMAC, which is why ‘session’ is being used twice.

We are using a simple wrapper around WebTest, so the exact code you use will vary, but the gist will be the same. Also, if you changed the name of the session cookie, you’ll obviously have to adapt the tests as well.