[core] Protect session data from unwanted loading.
Use specialised Session and Connection types that forward their 'data' and
'session_data' attributes to the pyramid request.session attribute.
This forwarding is done with properties, instead of copying a reference, which
allow to access request.session (and the session factory) if and only if
Session.data or Connection.session_data is accessed.
In some cases, most notably the static resources requests, it can mean no
access the session during the request handling, which saves a request to the
session persistence layer.
Closes #4891437
Quick start
===========
.. highlight:: console
From CubicWeb
-------------
- Install everything (here with pip, possibly in a virtualenv)::
pip install pyramid-cubicweb cubicweb-pyramid pyramid_debugtoolbar
- Make sure CubicWeb is in user mode::
export CW_MODE=user
- Create a CubicWeb instance, and install the 'pyramid' cube on it (see
:ref:`configenv` for more details on this step)::
cubicweb-ctl create pyramid myinstance
.. warning::
You `must` allow anonymous access.
- Edit your ``~/etc/cubicweb.d/myinstance/all-in-one.conf`` and set values for
:confval:`pyramid-auth-secret` and :confval:`pyramid-session-secret`.
- Start the instance with the :ref:`'pyramid' command <cubicweb-ctl_pyramid>`
instead of 'start'::
cubicweb-ctl pyramid --debug myinstance
In a pyramid application
------------------------
Coming soon.