Yosai serializes objects when caching and when saving 'Remember Me' information.
The serialization process is as follows:
- Reduce the state of a Yosai object to its primitive form (marshalling)
- Enrich the marshalled payload with metadata
- Encode the metadata-enriched payload
Yosai uses a forked copy of the Asphalt framework's serialization library to reduce custom classes to a primitive form that can be serialized. Asphalt is an asyncio based microframework for network oriented applications and it has a great serialization library. If you would like to learn more about Asphalt, click here.
Classes in yosai.core and yosai.web that inherit from the
base class are eligible for serialization in Yosai. A Serializable class has its
own marshalling methods, getstate and setstate, to control what gets
(de)serialized and how. These methods aren't required unless transformation is
necessary to accommodate the limitations of types supported by serialization
libraries. In other words, a serializer can marshall based on an object's dict,
without marshalling guidance if transformation isn't required. However, since
Yosai is used for security purposes it is prudent to maintain tighter control
To understand how to reduce objects, you are encouraged to review the
serialization source code of the
Serializable classes in Yosai. The
following classes are recommended for their diversity:
SerializationManager orchestrates the serialization process. It is indended for your caching library, wrapping "setters" with serialization and "getters" with deserialization.
For instance, the Yosai extension,
Yosai DPCache, obtains a SerializationManager instance during its CacheHandler initialization process. The
SerializationManager proxies all cache communication.