'Session' object does not support item assignment


Vertigo

Jun 16, 2007, 12:28:31 PM
to Django users
Hi,

Using the latest SVN revision, I have an issue when manipulating
sessions (out of request).

The background:
My application stores custom user privileges in their sessions (home-
cooked version of 'per-object' permissions).
When specific conditions are met, I must 'refresh' some user sessions.

Here is my faulty code (based on a refresh of all sessions, for
simplicity here):
    from django.contrib.sessions.models import Session
    for session in Session.objects.all():
        session['privileges'] = "foo"

And this barks the following error message:
'Session' object does not support item assignment

I had a look at the session documentation. If one misses one of the
first lines (like I did), it can lead to a mess (like I have :-) ):
"Sessions are implemented via a piece of middleware and a Django
model".
And indeed, sessions appear clean and developer-friendly in the
documentation, because they have gone through the middleware piece
(thanks to the SessionWrapper).

Now back to my problem:
* Are Django sessions only designed to be used through the request
context (and session middleware) ?
* Is there any "easy" snippet of code to do what I want (i.e. update a
Session object out of view) ?
* Do you think the documentation could benefit from more precision, to
highlight the real distinction between "session" and
"request.session" ? (I was tricked by the whole thing, thinking that
sessions could be updated as easily out of the view)

Thanks for your feedback.

Jeremy Dunck

Jun 16, 2007, 1:46:06 PM
to django...@googlegroups.com
On 6/16/07, Vertigo <vincent...@gmail.com> wrote:
> * Are Django sessions only designed to be used through the request
> context (and session middleware) ?

No, but they're most convenient that way.

> * Is there any "easy" snippet of code to do what I want (i.e. update a
> Session object out of view) ?

This should do; the key point is that session_data is a pickled
dictionary. The Session Middleware takes care of deserializing and
serializing as a convenience, but since you're not using it, you'll
have to do the extra bits yourself.

Make sure not to do this on a live DB at first, since I haven't tested it. :)

    for session in Session.objects.all():
        d = session.get_decoded()
        d['privileges'] = "foo"
        session.session_data = Session.objects.encode(d)
        session.save()

Another spelling would be this:

    for session in Session.objects.all():
        d = session.get_decoded()
        d['privileges'] = "foo"
        Session.objects.save(session.session_key, d, session.expire_date)

> * Do you think the documentation could benefit from more precision, to
> highlight the real distinction between "session" and
> "request.session" ? (I was tricked by the whole thing, thinking that
> sessions could be updated as easily out of the view)

Yes. Can you open a documentation ticket on this, ideally with some
suggested verbiage?
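
An added illustration (not part of the original thread, and not Django's own code) of the decode, modify, re-encode cycle described in the reply above, narrowed to one user's sessions and with an integrity check on the stored blob. `SessionRow`, `encode`, `decode`, `refresh_privileges`, the `user_id` field and the JSON-plus-HMAC encoding are assumptions standing in for Django's model and its pickle-based serialization.

```python
import base64
import hashlib
import hmac
import json

SECRET_KEY = b"constructed-demo-key"  # assumption: stand-in for the site secret

class TamperedSession(Exception):
    """Raised when a stored blob fails its integrity check."""

def _tag(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()

def encode(data):
    """Turn a session dict into the opaque string stored in session_data."""
    payload = json.dumps(data, sort_keys=True).encode()
    return base64.b64encode(_tag(payload) + b":" + payload).decode()

def decode(blob):
    """Reverse encode(); reject blobs whose tag does not match the payload."""
    tag, _, payload = base64.b64decode(blob).partition(b":")
    if not hmac.compare_digest(tag, _tag(payload)):
        raise TamperedSession("integrity tag mismatch")
    return json.loads(payload)

class SessionRow:
    """Hypothetical stored row: a key plus an encoded blob, not a dict."""
    def __init__(self, session_key, data):
        self.session_key = session_key
        self.session_data = encode(data)

def refresh_privileges(rows, user_id, privileges):
    """Decode, modify and re-encode only the sessions of one user."""
    changed = []
    for row in rows:
        data = decode(row.session_data)
        if data.get("user_id") == user_id:
            data["privileges"] = privileges
            row.session_data = encode(data)
            changed.append(row.session_key)
    return changed

# Constructed sample rows: two sessions for user 1, one for user 2.
ROWS = [
    SessionRow("k1", {"user_id": 1, "privileges": "old"}),
    SessionRow("k2", {"user_id": 2, "privileges": "old"}),
    SessionRow("k3", {"user_id": 1, "privileges": "old"}),
]
```

Because each row holds only an encoded string, `ROWS[0]['privileges'] = "foo"` raises the same "does not support item assignment" TypeError as in the question, while `refresh_privileges(ROWS, 1, "foo")` updates the matching rows in place.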

Vertigo

Jun 18, 2007, 2:17:51 AM
to Django users
Thanks, Jeremy.
Your piece of code works perfectly.
I will think about suggestions for the documentation and open a
ticket.
