Add user id to sessions table

[Nate Dudenhoeffer <ndudenhoeffer@…>]

Add user id column to the session model to allow developers to easily retrieve old session data for a user, and to allow administrators to easily end a session for a particular user.

This is was discussed on Stack Overflow here:
​http://stackoverflow.com/q/235950/480303

[Aymeric Augustin]

Unsurprisingly, the accepted answer at SO in wrong is many ways, while the correct answer written by a Django core developer lingers in second position.

If you want to store the user id alongside the session key in a database table, use the extensibility mechanism provided by Django for such cases: pluggable sessions backends.

[Nate Dudenhoeffer <ndudenhoeffer@…>]

Thanks for the comments aaugustin,and the suggestion of a pluggable backend. I absolutely agree with you that the correct answer in that post is rated second. However, the method described doesn't seem practical on even a moderate traffic site with any regularity.

[Aymeric Augustin]

I agree that this method isn't practical.

Django's session API doesn't provide a way to invalidate sessions, because it isn't possible in the general case. For instance, you can't invalidate a session stored in a cookie!

If Django's built-in session backends don't match your requirements — like, being able to invalidate a session at will — you can write your own session backend. Subclassing the database session backend, extracting the user id from the session (when it's available, ie. the user is logged in), and storing it alongside the session data should be easy.

However this won't be possible for other session backends, and as such, it isn't a good match for inclusion in core.