#32751 closed New feature (duplicate)
Add link from Session object to User object
Reported by: | David | Owned by: | nobody |
---|---|---|---|
Component: | contrib.sessions | Version: | 4.0 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
When designing web apps, a common pattern is presenting users with a list of existing sessions (and the subsequent ability to end any or all of their existing open sessions). This is useful for a number of security reasons, and allows users to make sure there are no open sessions they don't recognize.
However, currently Django has no direct link from a Session
to an authenticated User
. There are multiple projects (django-user-sessions
and django-qsessions
) that exist largely to add this functionality, and a series of blog and Stackoverflow threads advocating various other solutions including the use of a secondary UserSession
model with ForeignKey
fields linking to the current session and current user. This method is the least disruptive to stock Django, although not perfect either since the session isn't always saved by the time the logged_in
signal fires.
Adding a user
field to the existing Session
model would add this significant functionality and remove the need for external packages and user workarounds. Systems that wanted to track additional information about sessions could still override and extend the model, but for many users a simple link from sessions to users would likely be sufficient. An additional field in the Session would would maintain backward compatibility as sessions could be updated to save the field as they were accessed again, and/or developers could be advised to clear existing sessions if they want to use this functionality from the start.
Change History (2)
comment:1 by , 4 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
Type: | Uncategorized → New feature |
comment:2 by , 4 years ago
Sorry about that, hadn't been able to find an original issue and hadn't thought about non-DB backends.
Duplicate of #19449.