|Version 16 (modified by mrts, 6 years ago) (diff)|
Part of DjangoSpecifications
Session framework improvements
The following tickets are related to sessions
Some of the tickets are interrelated, some of them pose security risks.
See also the discussion at http://groups.google.com/group/django-developers/browse_thread/thread/fbcfa88c997d1bb3 and http://groups.google.com/group/django-developers/browse_thread/thread/8cb4edee0db52197 .
Other projects to draw inspiration from: Beaker.
The following is required from the session framework:
- no session key collisions on creation (#1180)
- there is a method for clearing session data (#7515)
- session data is not shared between different users (#6941), session is cleared on logout; if user A was logged in when user B logins, session will be cleared on login as well (but not anonymous session data) -- depends on previous
- DONE: supports controlling session lifetime (comment:ticket:2548:9 describes the use case)