| 1 | | ''Part of DjangoSpecifications'' |
| 2 | | |
| 3 | | = Session framework improvements = |
| 4 | | |
| 5 | | The following tickets are related to sessions |
| 6 | | * major with dependencies: #6941 -> #7515 -> #1180 |
| 7 | | * less major: #6791, #6984 |
| 8 | | * minor/questionable: #3304 |
| 9 | | |
| 10 | | Some of the tickets are interrelated, some of them pose security risks. |
| 11 | | |
| 12 | | See also the discussion at http://groups.google.com/group/django-developers/browse_thread/thread/fbcfa88c997d1bb3 and http://groups.google.com/group/django-developers/browse_thread/thread/8cb4edee0db52197 . |
| 13 | | |
| 14 | | Other projects to draw inspiration from: [http://beaker.groovie.org Beaker]. |
| 15 | | |
| 16 | | == Proposal == |
| 17 | | |
| 18 | | The following is required from the session framework: |
| 19 | | * no session key collisions on creation (#1180) |
| 20 | | * there is a method for clearing session data (#7515) |
| 21 | | * session data is not shared between different users (#6941), session is cleared on logout; if user A was logged in when user B logins, session will be cleared on login as well (but not anonymous session data) -- depends on previous |
| 22 | | * DONE: supports controlling session lifetime (comment:ticket:2548:9 describes the use case) |
| | 1 | This page and several others were created by a wiki user who was not and is not affiliated with the Django project. Previous contents of this and other similar pages are not and should not be confused with [http://docs.djangoproject.com/ Django's own documentation], which remains the sole source of official documentation for the Django project. |