Code

Opened 19 months ago

Closed 19 months ago

Last modified 19 months ago

#19449 closed New feature (wontfix)

Add user id to sessions table

Reported by: Nate Dudenhoeffer <ndudenhoeffer@…> Owned by: nobody
Component: contrib.sessions Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Add user id column to the session model to allow developers to easily retrieve old session data for a user, and to allow administrators to easily end a session for a particular user.

This is was discussed on Stack Overflow here:
http://stackoverflow.com/q/235950/480303

Attachments (0)

Change History (3)

comment:1 Changed 19 months ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to wontfix
  • Status changed from new to closed

Unsurprisingly, the accepted answer at SO in wrong is many ways, while the correct answer written by a Django core developer lingers in second position.

If you want to store the user id alongside the session key in a database table, use the extensibility mechanism provided by Django for such cases: pluggable sessions backends.

comment:2 Changed 19 months ago by Nate Dudenhoeffer <ndudenhoeffer@…>

Thanks for the comments aaugustin,and the suggestion of a pluggable backend. I absolutely agree with you that the correct answer in that post is rated second. However, the method described doesn't seem practical on even a moderate traffic site with any regularity.

comment:3 Changed 19 months ago by aaugustin

I agree that this method isn't practical.

Django's session API doesn't provide a way to invalidate sessions, because it isn't possible in the general case. For instance, you can't invalidate a session stored in a cookie!

If Django's built-in session backends don't match your requirements — like, being able to invalidate a session at will — you can write your own session backend. Subclassing the database session backend, extracting the user id from the session (when it's available, ie. the user is logged in), and storing it alongside the session data should be easy.

However this won't be possible for other session backends, and as such, it isn't a good match for inclusion in core.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.