Opened 19 years ago

Closed 17 years ago

Last modified 12 years ago

#1 closed enhancement (fixed)

Create architecture for anonymous sessions

Reported by: Adrian Holovaty Owned by: Jacob
Component: Core (Other) Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


We need an architecture for anonymous sessions. Right now we have django.models.auth.sessions, but that only handles registered users' sessions. We need a system that automatically creates and manages sessions for anonymous users.

Here's one idea for this:

  • In the settings file, you define a SESSION_MODULE string, like the AUTH_PROFILE_MODULE, which points to the model to use for sessions.
  • Using this, httpwrappers automatically creates a request.session object which is persistant across requests based on cookies, etc.

Change History (14)

comment:1 by Ksenia, 19 years ago

WSGI session middleware can also be used for this (when WSGI support will be available :)

comment:2 by maurycy, 19 years ago

Besides lack of the anonymous sessions, which is described in the first ticket,
we have together two problems with the sessions. The second is demand to
reimplement sessions code as often as we need to merge them with other model,
like django.models.auth.sessions.

If I understand correctly, the current adrian's idea assumes creating the
global session model for every anonymous client, made through httpwrappers.
I see a few potential limitations. One, it seriously reduces flexibility
of the sessions. With the constant declared keys, we cannot add an another
during work. Two, modifing httpwrapers on our every whin certainly won't
increase quality of the code.

My proposals are a bit different.

Generally, idea of making the sessions the models is good, but their
flexibility should be built-in and enforced. Users should not design
them. Writing the not tested Python, pseudo code:

class Session(meta.Model):
  fields = (
    meta.CharField('session_md5', 'session MD5 hash', maxlength=32),
    meta.DateTimeField('start_time', 'start time', auto_now=True),
    meta.DateTimeField('time_to_live', 'time_to_live')

class Field(meta.Model):
  fields = (
    meta.CharField('key', 'key of the field', maxlenght=64),
    meta.TextField('value', 'value of the field', maxlength=64),

Now, we're not limited with the declared fields. We can extend the base
model no matter how.

Then, working with the sessions would looks like:

import django.models.products import products
import django.models.sessions import sessions

def test(request):
        session = sessions.Session(name='just_a_test')
    expect sessions.SessionDoesNotExist:
        return HttpResponseRedirect('not/logged')

    session.add_field(key='rocco', value='rocco is the best')

As careful readers would point, there's no playing with the cookies and
setting the time to live. It should be obviously done after creationg of the
object. At the moment, I don't have idea how to make it, but I don't think
it'll be the problem to add some kind of _post_creation() method.

The httpwrappers accusation is easier to respond. The middleware has been
invented for this kind of challenges. Anonymous session can be then created
automatically after every request by our new middleware class, which would
take care on them. If you don't need anonymous sessions, you simply do not set

Feel free to comment.

comment:3 by mmarshall, 19 years ago

From my limited knowledge and experience, it looks good. Although, the first thing I would do would be to subclass sessions.Session to support something like """ sessionrocco='rocco is the best!' """ ;-)


comment:4 by James Zhu, 19 years ago

well the one true thing that I need in django is handling session, i mean storing in session form objects, passwords and other stuff, i wish you everything good.

comment:5 by Jacob, 19 years ago

milestone: Version 1.0
Owner: changed from Adrian Holovaty to Jacob
Status: newassigned

comment:6 by Manuzhai, 19 years ago

Hmm, I think it should be possible to do session.field = value, which may preclude session from being a normal meta.Model descendent. That would be alright, though - it *is* special, after all. And I think there should be ways to set TTL and other stuff like that.

comment:7 by anonymous, 19 years ago

Cc: frido.ferdinand@… added

comment:8 by Adrian Holovaty, 19 years ago

Resolution: fixed
Status: assignedclosed

(In [518]) Fixed #1 -- Added anonymous session support via middleware and request.session. Removed the former request.session, which wasn't being used anyway. Removed auth.Session model. See the BackwardsIncompatibleChanges wiki page for IMPORTANT notes on code you'll have to change and a DB table you'll have to create.

comment:9 by (none), 17 years ago

milestone: Version 1.0

Milestone Version 1.0 deleted

comment:10 by Jacob, 17 years ago

(In [4462]) Trivial whitespace chance to AUTHORS to test the trac commit hook. Refs #1 also for testing, but it doesn't really.

comment:11 by anonymous, 17 years ago

Resolution: fixed
Status: closedreopened

Testing reopen - ignore, please...

comment:12 by Jacob, 17 years ago

Resolution: fixed
Status: reopenedclosed

Refixing; looks like it works.

comment:13 by anonymous, 13 years ago

Test - ignore (JKM).

comment:14 by frido.ferdinand@…, 12 years ago

Cc: frido.ferdinand@… removed
Easy pickings: unset
UI/UX: unset
Note: See TracTickets for help on using tickets.
Back to Top