Use Starlette SessionMiddleware instead of manual cookie handling

Copilot · madebygps · Copilot · commit ae1aa76e5399 · 2026-02-06T17:14:07.000Z
Co-authored-by: madebygps &lt;6733686+madebygps@users.noreply.github.com&gt;
diff --git a/app/main.py b/app/main.py
@@ -2,99 +2,77 @@
 
 import uuid
 from pathlib import Path
-from typing import Any
 
 from fastapi import FastAPI, Request, Response
 from fastapi.responses import HTMLResponse
 from fastapi.staticfiles import StaticFiles
 from fastapi.templating import Jinja2Templates
+from starlette.middleware.sessions import SessionMiddleware
 
-from app.game_service import GameSession, get_session
+from app.game_service import get_session
 from app.models import GameState
 
 BASE_DIR = Path(__file__).resolve().parent
 
 app = FastAPI(title="Soc Ops - Social Bingo")
+app.add_middleware(SessionMiddleware, secret_key="soc-ops-secret-key")
 app.mount("/static", StaticFiles(directory=BASE_DIR / "static"), name="static")
 
 templates = Jinja2Templates(directory=BASE_DIR / "templates")
 
-SESSION_COOKIE = "soc_ops_session"
 
-
-def _session_from_request(
-    request: Request,
-) -> tuple[GameSession, Response]:
-    """Get or create session, returning the session and a Response for cookies."""
-    response = Response()
-    session_id = request.cookies.get(SESSION_COOKIE)
-    if not session_id:
-        session_id = uuid.uuid4().hex
-        response.set_cookie(SESSION_COOKIE, session_id, httponly=True, samesite="lax")
-    return get_session(session_id), response
-
-
-def _render(
-    request: Request,
-    response: Response,
-    template: str,
-    context: dict[str, Any],
-) -> Response:
-    """Render a template, copying any set-cookie headers from response."""
-    content = templates.TemplateResponse(request, template, context)
-    for key, value in response.headers.items():
-        if key.lower() == "set-cookie":
-            content.headers.append(key, value)
-    return content
+def _get_game_session(request: Request):
+    """Get or create a game session using Starlette SessionMiddleware."""
+    if "session_id" not in request.session:
+        request.session["session_id"] = uuid.uuid4().hex
+    return get_session(request.session["session_id"])
 
 
 @app.get("/", response_class=HTMLResponse)
 async def home(request: Request) -> Response:
-    session, response = _session_from_request(request)
-    return _render(
+    session = _get_game_session(request)
+    return templates.TemplateResponse(
         request,
-        response,
         "home.html",
         {"session": session, "GameState": GameState},
     )
 
 
 @app.post("/start", response_class=HTMLResponse)
 async def start_game(request: Request) -> Response:
-    session, response = _session_from_request(request)
+    session = _get_game_session(request)
     session.start_game()
-    return _render(
-        request, response, "components/game_screen.html", {"session": session}
+    return templates.TemplateResponse(
+        request, "components/game_screen.html", {"session": session}
     )
 
 
 @app.post("/toggle/{square_id}", response_class=HTMLResponse)
 async def toggle_square(request: Request, square_id: int) -> Response:
-    session, response = _session_from_request(request)
+    session = _get_game_session(request)
     session.handle_square_click(square_id)
-    return _render(
-        request, response, "components/game_screen.html", {"session": session}
+    return templates.TemplateResponse(
+        request, "components/game_screen.html", {"session": session}
     )
 
 
 @app.post("/reset", response_class=HTMLResponse)
 async def reset_game(request: Request) -> Response:
-    session, response = _session_from_request(request)
+    session = _get_game_session(request)
     session.reset_game()
-    return _render(
+    return templates.TemplateResponse(
         request,
-        response,
         "components/start_screen.html",
         {"session": session, "GameState": GameState},
     )
 
 
 @app.post("/dismiss-modal", response_class=HTMLResponse)
 async def dismiss_modal(request: Request) -> Response:
-    session, response = _session_from_request(request)
+    session = _get_game_session(request)
     session.dismiss_modal()
-    return _render(
-        request, response, "components/game_screen.html", {"session": session}
+    return templates.TemplateResponse(
+        request, "components/game_screen.html", {"session": session}
     )
 
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -6,6 +6,7 @@ readme = "README.md"
 requires-python = ">=3.13"
 dependencies = [
     "fastapi>=0.115.0",
+    "itsdangerous>=2.2.0",
     "jinja2>=3.1.0",
     "uvicorn[standard]>=0.34.0",
 ]
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -22,7 +22,7 @@ def test_home_contains_start_screen(self, client: TestClient):
 
     def test_home_sets_session_cookie(self, client: TestClient):
         response = client.get("/")
-        assert "soc_ops_session" in response.cookies
+        assert "session" in response.cookies
 
 
 class TestStartGame:

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ readme = "README.md"`
`6`	`6`	`requires-python = ">=3.13"`
`7`	`7`	`dependencies = [`
`8`	`8`	`"fastapi>=0.115.0",`
	`9`	`+ "itsdangerous>=2.2.0",`
`9`	`10`	`"jinja2>=3.1.0",`
`10`	`11`	`"uvicorn[standard]>=0.34.0",`
`11`	`12`	`]`