Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#19449 closed New feature (wontfix)

Add user id to sessions table

Reported by: Nate Dudenhoeffer <ndudenhoeffer@…> Owned by: nobody
Component: contrib.sessions Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Add user id column to the session model to allow developers to easily retrieve old session data for a user, and to allow administrators to easily end a session for a particular user.

This is was discussed on Stack Overflow here:
http://stackoverflow.com/q/235950/480303

Change History (3)

comment:1 Changed 2 years ago by aaugustin

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to wontfix
  • Status changed from new to closed

Unsurprisingly, the accepted answer at SO in wrong is many ways, while the correct answer written by a Django core developer lingers in second position.

If you want to store the user id alongside the session key in a database table, use the extensibility mechanism provided by Django for such cases: pluggable sessions backends.

comment:2 Changed 2 years ago by Nate Dudenhoeffer <ndudenhoeffer@…>

Thanks for the comments aaugustin,and the suggestion of a pluggable backend. I absolutely agree with you that the correct answer in that post is rated second. However, the method described doesn't seem practical on even a moderate traffic site with any regularity.

comment:3 Changed 2 years ago by aaugustin

I agree that this method isn't practical.

Django's session API doesn't provide a way to invalidate sessions, because it isn't possible in the general case. For instance, you can't invalidate a session stored in a cookie!

If Django's built-in session backends don't match your requirements — like, being able to invalidate a session at will — you can write your own session backend. Subclassing the database session backend, extracting the user id from the session (when it's available, ie. the user is logged in), and storing it alongside the session data should be easy.

However this won't be possible for other session backends, and as such, it isn't a good match for inclusion in core.

Note: See TracTickets for help on using tickets.
Back to Top