Version 14 (modified by anonymous, 10 years ago) (diff)


Part of DjangoSpecifications

Session framework improvements

The following tickets are related to sessions: #3304, #1180, #6791, #6941, #6984, #7515.

Some of the tickets are interrelated, some of them pose security risks.

See also the discussion at .

Other projects to draw inspiration from: Beaker.


The following is required from the session framework:

  • no session key collisions on creation (#1180)
  • there is a method for clearing session data (#7515)
  • session data is not shared between different users (#6941), session is cleared on logout; if user A was logged in when user B logins, session will be cleared on login as well (but not anonymous session data) -- depends on previous
  • supports controlling session lifetime (comment:ticket:2548:9 describes the use case)
Back to Top