Django

Code

Ticket #1 (closed: fixed)

Opened 3 years ago

Last modified 1 year ago

Create architecture for anonymous sessions

Reported by: adrian Assigned to: jacob
Milestone: Component: Core framework
Version: Keywords:
Cc: frido.ferdinand@gmail.com Triage Stage: Unreviewed
Has patch: 0 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

We need an architecture for anonymous sessions. Right now we have django.models.auth.sessions, but that only handles registered users' sessions. We need a system that automatically creates and manages sessions for anonymous users.

Here's one idea for this:

  • In the settings file, you define a SESSION_MODULE string, like the AUTH_PROFILE_MODULE, which points to the model to use for sessions.
  • Using this, httpwrappers automatically creates a request.session object which is persistant across requests based on cookies, etc.

Attachments

Change History

07/17/05 16:51:00 changed by Ksenia

WSGI session middleware can also be used for this (when WSGI support will be available :)

07/29/05 15:21:59 changed by maurycy

Besides lack of the anonymous sessions, which is described in the first ticket, we have together two problems with the sessions. The second is demand to reimplement sessions code as often as we need to merge them with other model, like django.models.auth.sessions.

If I understand correctly, the current adrian's idea assumes creating the global session model for every anonymous client, made through httpwrappers. I see a few potential limitations. One, it seriously reduces flexibility of the sessions. With the constant declared keys, we cannot add an another during work. Two, modifing httpwrapers on our every whin certainly won't increase quality of the code.

My proposals are a bit different.

Generally, idea of making the sessions the models is good, but their flexibility should be built-in and enforced. Users should not design them. Writing the not tested Python, pseudo code: 

class Session(meta.Model):
  fields = (
    meta.CharField('session_md5', 'session MD5 hash', maxlength=32),
    meta.DateTimeField('start_time', 'start time', auto_now=True),
    meta.DateTimeField('time_to_live', 'time_to_live')
  )

class Field(meta.Model):
  fields = (
    meta.ForeignKey(Session),
    meta.CharField('key', 'key of the field', maxlenght=64),
    meta.TextField('value', 'value of the field', maxlength=64),
  )

Now, we're not limited with the declared fields. We can extend the base model no matter how.

Then, working with the sessions would looks like: 

import django.models.products import products
import django.models.sessions import sessions

def test(request):
    try:
        session = sessions.Session(name='just_a_test')
    expect sessions.SessionDoesNotExist:
        return HttpResponseRedirect('not/logged')

    session.add_field(key='rocco', value='rocco is the best')
    session.save()

As careful readers would point, there's no playing with the cookies and setting the time to live. It should be obviously done after creationg of the object. At the moment, I don't have idea how to make it, but I don't think it'll be the problem to add some kind of _post_creation() method.

The httpwrappers accusation is easier to respond. The middleware has been invented for this kind of challenges. Anonymous session can be then created automatically after every request by our new middleware class, which would take care on them. If you don't need anonymous sessions, you simply do not set MIDDLEWARE_CLASSES.

Feel free to comment.

07/29/05 19:32:03 changed by mmarshall

From my limited knowledge and experience, it looks good. Although, the first thing I would do would be to subclass sessions.Session to support something like """ sessionrocco?='rocco is the best!' """ ;-)

MWM

08/01/05 15:11:46 changed by james

well the one true thing that I need in django is handling session, i mean storing in session form objects, passwords and other stuff, i wish you everything good.

08/02/05 20:30:48 changed by jacob

  • owner changed from adrian to jacob.
  • status changed from new to assigned.
  • milestone set to Version 1.0.

08/07/05 05:56:56 changed by Manuzhai

Hmm, I think it should be possible to do session.field = value, which may preclude session from being a normal meta.Model descendent. That would be alright, though - it *is* special, after all. And I think there should be ways to set TTL and other stuff like that.

08/09/05 04:09:15 changed by anonymous

  • cc set to frido.ferdinand@gmail.com.

08/16/05 17:54:07 changed by adrian

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [518]) Fixed #1 -- Added anonymous session support via middleware and request.session. Removed the former request.session, which wasn't being used anyway. Removed auth.Session model. See the BackwardsIncompatibleChanges wiki page for IMPORTANT notes on code you'll have to change and a DB table you'll have to create.

01/17/07 16:12:17 changed by

  • milestone deleted.

Milestone Version 1.0 deleted

02/06/07 08:09:06 changed by jacob

(In [4462]) Trivial whitespace chance to AUTHORS to test the trac commit hook. Refs #1 also for testing, but it doesn't really.

02/06/07 09:31:54 changed by anonymous

  • status changed from closed to reopened.
  • resolution deleted.

Testing reopen - ignore, please...

02/06/07 09:32:17 changed by jacob

  • status changed from reopened to closed.
  • resolution set to fixed.

Refixing; looks like it works.

Add/Change #1 (Create architecture for anonymous sessions)




Change Properties
Action