Version 12 (modified by 16 years ago) ( diff ) | ,
---|
Part of DjangoSpecifications
Session framework improvements
The following tickets are related to sessions: comment:ticket:5549:5, #2548, #3304, #1180, #6791, #6941, #6984, #7515.
Some of the tickets are interrelated, some of them pose security risks.
See also the discussion at http://groups.google.com/group/django-developers/browse_thread/thread/fbcfa88c997d1bb3 .
Other projects to draw inspiration from: Beaker.
Proposal
The following is required from the session framework:
- no session key collisions on creation (#1180)
- there is a method for clearing session data (#7515)
- session data is not shared between different users (#6941), session is cleared on logout; if a different user was logged during login, his data will be cleared on login as well (but not anonymous session data) -- depends on previous
- supports controlling session lifetime (comment:ticket:2548:9 describes the use case)
Note:
See TracWiki
for help on using the wiki.