= Message Passing For Anonymous Users =
Proposal for 1.2: Django should include a contrib app, independent of contrib.auth, that facilitates message passing to anonymous users.
For more information see:
* Ticket #4604
* http://groups.google.com/group/django-developers/browse_thread/thread/eba93088c649022b
* http://www.caktusgroup.com/blog/2009/06/19/towards-a-standard-for-django-session-messages/
== Justification ==
Reasons why an alternative to the existing functionality ([http://docs.djangoproject.com/en/dev/topics/auth/#messages user.message_set.create]) is needed:
* It's not possible to create messages for anonymous users
* If the same Django user is logged in twice on different computers simultaneously, they see each others' messages
* User messages may get wiped even if they're not actually displayed to the user
* High-load sites want to avoid the unneeded database or cache usage
Reasons why a standard needs to be endorsed by Django and a 3rd party app will not suffice:
* The built-in implementation is broken for a large set of use cases (above); the fact that Django actively encourages this method of messaging is a bad thing
* Reusable apps don't know what 3rd party system to use and hence cannot rely on providing session feedback
== Integrating with the Existing API ==
It is not possible nor desirable to integrate with the existing API because it is tied directly to a related manager on the user model and cannot be extended to support the additional functionality in this proposal (without some ugly hacks). There are several possible solutions to this conflict (we don't really need or want two messaging APIs in the core); feel free to add more:
* In the documentation, cast the user messaging API in a vary narrow use; e.g., for administrator messages to specific users
* Phase out user messages entirely
== Existing 3rd Party Apps ==
There are a number of good, pre-existing applications out there that support more robust functionality, so there is no need to re-implement a solution from scratch for inclusion in Django. The existing solutions can be combined or modified to meet Django's needs. This section is meant to evaluate some of the different session/cookie message/notification engines out there for potential inclusion in Django as a contrib app. It is a work in progress so please contribute (your notification engine here) or other changes as you see fit.
=== Criteria ===
Technical criteria necessary for inclusion in the core:
* Support message passing for anonymous users
* Use the session only as a fallback: Avoid database/cache queries if possible, but support larger messages that don't fit in a cookie (> 4kb) when needed
* Don't lose messages if they're not displayed to the user (lazy message loading)
* Sign cookie-based messages
* Avoid [http://docs.python.org/library/pickle.html pickling] because of the obvious security concerns
* Provide a standard, intuitive interface so that reusable apps can provide feedback related to the current session
* Support different "classes" (e.g., info, warning, error, etc.) of messages, with the ability to specify custom classes as needed
Community criteria necessary for inclusion in the core:
* Needs community approval/support
* Needs to be the "de facto" standard implementation
=== Available Options ===
||'''Name and Link'''||'''Anonymous user support'''||'''Session Fallback'''||'''Lazy loads messages'''||'''Signed cookies'''||'''Avoids pickling'''||'''Standard interface'''||'''Classed Messages'''||
||[http://code.google.com/p/django-notify/ django-notify]||yes||yes||yes||yes||no||yes||yes (via "tags")||
||[http://github.com/danielfm/django-flash django-flash]||yes||no||no||yes||no||no||yes (but not in a standard way)||
||[http://github.com/leah/django-flash-status django-flash-status]||yes||no||no||yes||no||yes||yes, "errors" or "statuses"||
||[http://github.com/SeanOC/django-cnotes django-cnotes]||yes||no||no||yes||no||yes||no||
||[http://github.com/dcramer/django-notices django-notices]||yes||no||yes?||no (no cookie support)||n/a||yes||yes||
* '''yes''' means yes, always or, at least, can be configured to do this
* '''no''' means no, not in the current implementation
* '''n/a''' means not applicable
Please update this table with new options or corrected information as necessary.
== Potential API ==
The API is under discussion on the [http://groups.google.com/group/django-developers/browse_thread/thread/eba93088c649022b django-developers list]. Following are a few different iterations of what it might look like:
{{{
from django.contrib import messages
request.messages.add('message', messages.INFO)
# or
request.messages.add('message', classes=(messages.WARNING,))
# or
request.messages.error('message')
}}}
Using messages in your template:
{{{
{% if request.messages %}
{% for message in request.messages %}
{{ message }}
{% endfor %}
{% endif %}
}}}
=== django-notify ===
django-notify is the current front-runner in terms of technical features so a sampling of the potential API is included below. Feel free to include the API(s) of other solutions as well for comparison. It is understood that, should django-notify be chosen, this may (and probably will) change prior to inclusion in the core.
Add the middleware to your MIDDLEWARE_CLASSES setting (after !SessionMiddleware):
{{{
'django_notify.middleware.NotificationsMiddleware',
}}}
Add the context processor into your TEMPLATE_CONTEXT_PROCESSORS setting:
{{{
'django_notify.context_processors.notifications',
}}}
Add a temporary notification message like this:
{{{
request.notifications.add('Hello world.')
# You can optionally provide a string containing tags (which is usually represented as HTML classes for the message).
request.notifications.add('Your rating is over 9000!', 'error')
}}}
Use notifications in your template:
{{{
{% if notifications %}
{% for message in notifications %}
{{ message }}
{% endfor %}
{% endif %}
}}}
== TODO Once a Solution is Chosen ==
* Clean up the API, if necessary, to make it the de facto standard implementation for Django
* Review the code and make any additional feature changes necessary to support the technical criteria necessary for inclusion
== Other Considerations ==
* This app will ideally take advantage of the [wiki:Signing cookie signing API] that is also proposed for 1.2.