Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#32751 closed New feature (duplicate)

Add link from Session object to User object

Reported by: David
Owned by: nobody
Component: contrib.sessions
Version: 4.0
Severity: Normal
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: yes
UI/UX: no

Description

When designing web apps, a common pattern is presenting users with a list of existing sessions (and the subsequent ability to end any or all of their existing open sessions). This is useful for a number of security reasons, and allows users to make sure there are no open sessions they don't recognize.

However, currently Django has no direct link from a Session to an authenticated User. There are multiple projects (django-user-sessions and django-qsessions) that exist largely to add this functionality, and a series of blog and Stack Overflow threads advocating various other solutions including the use of a secondary UserSession model with ForeignKey fields linking to the current session and current user. This method is the least disruptive to stock Django, although not perfect either since the session isn't always saved by the time the logged_in signal fires.

Adding a user field to the existing Session model would add this significant functionality and remove the need for external packages and user workarounds. Systems that wanted to track additional information about sessions could still override and extend the model, but for many users a simple link from sessions to users would likely be sufficient. An additional field in the Session would maintain backward compatibility as sessions could be updated to save the field as they were accessed again, and/or developers could be advised to clear existing sessions if they want to use this functionality from the start.

Change History (2)

comment:1 by Mariusz Felisiak, 3 years ago

Resolution: duplicate
Status: new → closed
Type: Uncategorized → New feature

Duplicate of #19449.

comment:2 by David, 3 years ago

Sorry about that, hadn't been able to find an original issue and hadn't thought about non-DB backends.
