Questions about session
20 views
Skip to first unread message
Lorenzo Bernardi
Jan 26, 2016, 5:07:05 PM1/26/16
to django...@googlegroups.com
Hello,
I'm writing an app which needs authentication and I was wondering if
the information about the user should be put in request.session. My app
deals with the access to certain equipments and every user has a
different set of equipment it can sees. Should I put the list of
equipment in the session or should I compute each time I access a view
or a form in creating a method in the my_app_user class which compute
the rights by quering the database. Session might not be the best option
because it keeps data so that a user can still have access even if it
has been deleted.
My problem is in fact with the templates because once a user is logged
the interface should show the equipment the user can access as a menu
and so I should have the information available in the template
(typically the base template). In that case the request.session can be a
good option since I can check if the user has the right to access the
equipment or not. If I'm not using request.session it looks like I have
to send the data for each views. Or is ther any other options?
Sorry if the questions is too silly but I haven't found any information
for that kind of problems which looks rather common and so if you can
send me any pointer I'm really interested. It might be more general than
django perhaps. I mean session are used everywhere.
Sincerely
L.
I'm writing an app which needs authentication and I was wondering if
the information about the user should be put in request.session. My app
deals with the access to certain equipments and every user has a
different set of equipment it can sees. Should I put the list of
equipment in the session or should I compute each time I access a view
or a form in creating a method in the my_app_user class which compute
the rights by quering the database. Session might not be the best option
because it keeps data so that a user can still have access even if it
has been deleted.
My problem is in fact with the templates because once a user is logged
the interface should show the equipment the user can access as a menu
and so I should have the information available in the template
(typically the base template). In that case the request.session can be a
good option since I can check if the user has the right to access the
equipment or not. If I'm not using request.session it looks like I have
to send the data for each views. Or is ther any other options?
Sorry if the questions is too silly but I haven't found any information
for that kind of problems which looks rather common and so if you can
send me any pointer I'm really interested. It might be more general than
django perhaps. I mean session are used everywhere.
Sincerely
L.
James Schneider
Jan 26, 2016, 5:26:25 PM1/26/16
to django...@googlegroups.com
I answered a very similar question to this a few days ago: https://groups.google.com/forum/#!msg/django-users/L3pUwDYs6jw/bSYVs81tEwAJ
TL;DR; You can keep everything in the session if you want, but its a ton more work and probably error prone. Django's approach is a fresh batch of data calls every time.
-James
Krishnakant
Jan 27, 2016, 6:54:56 AM1/27/16
to django...@googlegroups.com
If you wish to keep some data always visible specially i the base
template, then why not make the base template a single page app and then
through ajax lode other pages?
You can also use angular.js for such work.
happy hacking.
Krishnakant.
Lorenzo Bernardi
Jan 27, 2016, 6:55:52 AM1/27/16
to django...@googlegroups.com
Hello,
>
> I answered a very similar question to this a few days ago:
> https://groups.google.com/forum/#!msg/django-users/L3pUwDYs6jw/bSYVs81tEwAJ
> <https://groups.google.com/forum/#%21msg/django-users/L3pUwDYs6jw/bSYVs81tEwAJ>
>
thanks for the link. I agree with you for the fact that updating session
might be a problem because it should be done for each views explicitely.
It seems that in fact django does it by itself on each request (and I
didn't know that). My problem is that I have to use a custom user models
because of extra information and permissions. You seem to imply that in
the case of a custom auth backend I might have to use the
request.session variable. I do a custom authentication because the way
the password is computed in the external application I'm taking the info
is not the same as django'one but it looks like the way to go is to
extend the login() function of django.contrib.auth to add the
information I need in the template.
> TL;DR; You can keep everything in the session if you want, but its a
> ton more work and probably error prone. Django's approach is a fresh
> batch of data calls every time.
Better stick to this philosophy then and understand how to add
information to request.user.
thanks,
L.
>
> I answered a very similar question to this a few days ago:
> https://groups.google.com/forum/#!msg/django-users/L3pUwDYs6jw/bSYVs81tEwAJ
>
thanks for the link. I agree with you for the fact that updating session
might be a problem because it should be done for each views explicitely.
It seems that in fact django does it by itself on each request (and I
didn't know that). My problem is that I have to use a custom user models
because of extra information and permissions. You seem to imply that in
the case of a custom auth backend I might have to use the
request.session variable. I do a custom authentication because the way
the password is computed in the external application I'm taking the info
is not the same as django'one but it looks like the way to go is to
extend the login() function of django.contrib.auth to add the
information I need in the template.
> TL;DR; You can keep everything in the session if you want, but its a
> ton more work and probably error prone. Django's approach is a fresh
> batch of data calls every time.
information to request.user.
thanks,
L.
Lorenzo Bernardi
Jan 27, 2016, 6:58:50 AM1/27/16
to django...@googlegroups.com
Hello,
think of making the base page a single app. I'll look for that.
> You can also use angular.js for such work.
Here again I'll have a look at it.
> happy hacking.
thanks,
L.
>
> If you wish to keep some data always visible specially i the base
> template, then why not make the base template a single page app and
> then through ajax lode other pages?
I thought of using ajax but I'm not very familiar with it. But I didn't
> If you wish to keep some data always visible specially i the base
> template, then why not make the base template a single page app and
> then through ajax lode other pages?
think of making the base page a single app. I'll look for that.
> You can also use angular.js for such work.
> happy hacking.
thanks,
L.
Reply all
Reply to author
Forward
0 new messages