python - POST-REDIRECT-GET with decrypted streams rather than html docs -

i using on-disk encryption protect client data. after logging in, users must provide symmetric key in order decrypt file off disk:

from django.shortcuts import render_to_response, requestcontext django.contrib.auth.decorators import login_required  django.http import httpresponse django.conf import settings django.template import template my_lib import decrypt_file import os import magic  @login_required def secret_stuff(request):     if not request.method == 'post':         return render_to_response('reenter_key.html', context_instance=requestcontext(request))      password = request.post.get('symmetric_key')     encrypted_file = os.path.join(settings.base_dir, 'templates', 'secret.enc')     byte_string = decrypt_file(password, encrypted_file)     file_type = magic.from_buffer(byte_string)     if b'data' in file_type:         return render_to_response('bad_key.html', context_instance=requestcontext(request))       decrypted = template(byte_string)      return httpresponse(decrypted.render(requestcontext(request))) 

this design annoying users because page reloads post requests. how can avoided without saving decrypted file disk?

you're saying want avoid forcing user re-enter key every time access data?

that means have save key in place can accessed multiple processes. usual way save per-user data in django use sessions framework. problem won't want key more accessible decrypted file (so presumably not in database or on disk).

you use cache backend sessions (or skip sessions , cache manually if you're using sessions else). noted in documentation, though, local-memory cache inappropriate.

you use memcached or redis, though of course key vulnerable has access cache. , if cache engine running on separate, external server have worry sending key on network (though using ssl possibility).

in end, there's trade-off between security , convenience of users, you'll have decide attack vectors you're worried , degree of security enough.