id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
32751	Add link from Session object to User object	David	nobody	"When designing web apps, a common pattern is presenting users with a list of existing sessions (and the subsequent ability to end any or all of their existing open sessions). This is useful for a number of security reasons, and allows users to make sure there are no open sessions they don't recognize.

However, currently Django has no direct link from a `Session` to  an authenticated `User`. There are multiple projects (`django-user-sessions` and `django-qsessions`) that exist largely to add this functionality, and a series of blog and Stackoverflow threads advocating various other solutions including the use of a secondary `UserSession` model with `ForeignKey` fields linking to the current session and current user. This method is the least disruptive to stock Django, although not perfect either since the session isn't always saved by the time the `logged_in` signal fires.

Adding a `user` field to the existing `Session` model would add this significant functionality and remove the need for external packages and user workarounds. Systems that wanted to track additional information about sessions could still override and extend the model, but for many users a simple link from sessions to users would likely be sufficient. An additional field in the Session would would maintain backward compatibility as sessions could be updated to save the field as they were accessed again, and/or developers could be advised to clear existing sessions if they want to use this functionality from the start."	New feature	closed	contrib.sessions	4.0	Normal	duplicate			Unreviewed	0	0	0	0	1	0