[Django] #32751: Add link from Session object to User object


Django

May 17, 2021, 4:49:55 AM
to django-...@googlegroups.com
#32751: Add link from Session object to User object
--------------------------------------------+------------------------
Reporter: David | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.sessions | Version: 4.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
--------------------------------------------+------------------------
When designing web apps, a common pattern is presenting users with a list
of existing sessions (and the subsequent ability to end any or all of
their existing open sessions). This is useful for a number of security
reasons, and allows users to make sure there are no open sessions they
don't recognize.

However, currently Django has no direct link from a `Session` to an
authenticated `User`. There are multiple projects (`django-user-sessions`
and `django-qsessions`) that exist largely to add this functionality, and
a series of blog and Stack Overflow threads advocating various other
solutions including the use of a secondary `UserSession` model with
`ForeignKey` fields linking to the current session and current user. This
method is the least disruptive to stock Django, although not perfect
either since the session isn't always saved by the time the `logged_in`
signal fires.

Adding a `user` field to the existing `Session` model would add this
significant functionality and remove the need for external packages and
user workarounds. Systems that wanted to track additional information
about sessions could still override and extend the model, but for many
users a simple link from sessions to users would likely be sufficient. An
additional field in the Session would maintain backward
compatibility as sessions could be updated to save the field as they were
accessed again, and/or developers could be advised to clear existing
sessions if they want to use this functionality from the start.

--
Ticket URL: <https://code.djangoproject.com/ticket/32751>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

May 17, 2021, 5:59:10 AM
to django-...@googlegroups.com
#32751: Add link from Session object to User object
----------------------------------+--------------------------------------
Reporter: David | Owner: nobody
Type: New feature | Status: closed
Component: contrib.sessions | Version: 4.0
Severity: Normal | Resolution: duplicate
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
----------------------------------+--------------------------------------
Changes (by Mariusz Felisiak):

* status: new => closed
* type: Uncategorized => New feature
* resolution: => duplicate


Comment:

Duplicate of #19449.

--
Ticket URL: <https://code.djangoproject.com/ticket/32751#comment:1>

Django

May 17, 2021, 10:13:10 AM
to django-...@googlegroups.com

Comment (by David):

Sorry about that, hadn't been able to find an original issue and hadn't
thought about non-DB backends.

--
Ticket URL: <https://code.djangoproject.com/ticket/32751#comment:2>
