Version 16 (modified by mrts, 10 years ago) (diff)


Part of DjangoSpecifications

Session framework improvements

The following tickets are related to sessions

Some of the tickets are interrelated, some of them pose security risks.

See also the discussion at and .

Other projects to draw inspiration from: Beaker.


The following is required from the session framework:

  • no session key collisions on creation (#1180)
  • there is a method for clearing session data (#7515)
  • session data is not shared between different users (#6941), session is cleared on logout; if user A was logged in when user B logins, session will be cleared on login as well (but not anonymous session data) -- depends on previous
  • DONE: supports controlling session lifetime (comment:ticket:2548:9 describes the use case)
Back to Top