The middleware scenario
------------------------

In order to test the session cookie and general application flow,
we'll start by testing the middleware. The middleware handles the
creation of a cookie and stores a session id inside. This session is
is signed and timestamped, in order to overcome the "guessable" nature
of a session id and its possible weakness. It also adds another layer of
expiration, since the signature can be (is) checked for its max age.


The application
---------------

    >>> def simple_app(environ, start_response):
    ...     """retained visited path, raise exception if path contain 'fail'
    ...     """
    ...     session = environ['sess']
    ...     session['my_value'] = session.get('my_value', 0) + 1
    ...     session.save()
    ...     start_response('200 OK', [('Content-type', 'text/plain')])
    ...     return ['Called {0} time(s)'.format(
    ...         session['my_value']).encode('utf-8')]


The middleware is a class instanciated with the signature secret and
a timeout for the cookie and session lifespan. The timeout is
expressed as an integer representing the number of seconds before
expiration.

By default, the cookie_name is `sid` and the environ key `session`. 

    >>> import pytest
    >>> from webtest import TestApp
    >>> from cromlech.sessions.file import FileStore
    >>> from cromlech.session import SignedCookieManager, WSGISessionManager

    >>> folder = str(getfixture('tmpdir'))
    >>> handler = FileStore(folder, 300)
    >>> manager = SignedCookieManager('secret', handler, cookie='my_sid')
    >>> middleware = WSGISessionManager(manager, environ_key='sess')

    >>> wsgi_app = TestApp(middleware(simple_app))
    >>> result = wsgi_app.get('/')
    >>> result.status
    '200 OK'
    >>> result.headers['Set-Cookie']
    'my_sid=...; Expires=...; Domain=localhost; Path=/'
    >>> result.body
    b'Called 1 time(s)'

    >>> import os
    >>> sessions = os.listdir(folder)
    >>> assert len(sessions) == 1

    >>> sid = sessions[0]
    >>> assert handler.get_session_file(sid) is not None
    >>> handler.get(sid)
    {'my_value': 1}

    >>> result = wsgi_app.get('/')
    >>> result.body
    b'Called 2 time(s)'

    >>> handler.clear(sid)
    >>> result = wsgi_app.get('/')
    >>> result.body
    b'Called 1 time(s)'

    >>> handler.clear(sid)
    >>> sessions = os.listdir(folder)
    >>> assert len(sessions) == 0


Timeout
-------

    >>> handler = FileStore(folder, 1)  # 1 second timeout
    >>> manager = SignedCookieManager('secret', handler, cookie='my_sid')
    >>> middleware = WSGISessionManager(manager, environ_key='sess')

    >>> wsgi_app = TestApp(middleware(simple_app))
    >>> result = wsgi_app.get('/')
    >>> result.body
    b'Called 1 time(s)'

    >>> import time
    >>> time.sleep(1)

Still here :

    >>> sessions = os.listdir(folder)
    >>> assert len(sessions) == 1

Accessing it will implicitly expire it and create a new one but
we won't persist the new one :

    >>> sid = sessions[0]
    >>> handler.get(sid)
    {}
    >>> assert os.listdir(folder) == []
