''Part of DjangoSpecifications'' = Session framework improvements = The following tickets are related to sessions * major with dependencies: #6941 -> #7515 -> #1180 * less major: #6791, #6984 * minor/questionable: #3304 Some of the tickets are interrelated, some of them pose security risks. See also the discussion at http://groups.google.com/group/django-developers/browse_thread/thread/fbcfa88c997d1bb3 and http://groups.google.com/group/django-developers/browse_thread/thread/8cb4edee0db52197 . Other projects to draw inspiration from: [http://beaker.groovie.org Beaker]. == Proposal == The following is required from the session framework: * no session key collisions on creation (#1180) * there is a method for clearing session data (#7515) * session data is not shared between different users (#6941), session is cleared on logout; if user A was logged in when user B logins, session will be cleared on login as well (but not anonymous session data) -- depends on previous * DONE: supports controlling session lifetime (comment:ticket:2548:9 describes the use case)