Other storages doesn’t need it. cached_db inherits DbStorage https://github.com/django/django/blob/master/django/contrib/sessions/backends/cached_db.py#L17
and of course have implemented same clear_expired. signed_cookies uses cookie expiring i think (not checked). and cache storages uses caching expiring features. I think dependency of user_id must not be in core, not all storages can implement api (find all sessions of user for example) for this feature simple (file based sessions for example. You will need to process all sessions or use some type of meta file with dependencies). This is application level feature, not framework. I think you can simple implement your session database backend with this feature (don’t forget on user login/logout change user_id) included and share for community if nobody did it already :) -- Alexandr Shurigin From: Ulupov (Vaal) Vladimir vaal...@gmail.com Reply: django-developers@googlegroups.com django-developers@googlegroups.com Date: 20 июня 2014 г. at 0:06:45 To: django-developers@googlegroups.com django-developers@googlegroups.com Cc: vaal...@gmail.com vaal...@gmail.com Subject: Re: no relationship between session and user model This relation is not possible out of the box if we want to have highly customizable framework :) But backends already have differences. For example: only two implemented a method clear_expired https://github.com/django/django/blob/master/django/contrib/sessions/backends/file.py#L190 https://github.com/django/django/blob/master/django/contrib/sessions/backends/db.py#L81 How such a relationship may limit customizable? btw it's maybe as option... четверг, 19 июня 2014 г., 20:40:14 UTC+4 пользователь Alexandr Shurigin написал: Interesting question. Really django provides few sessions backends by default and only 2 of them store any session info in database (db, cached_db). All other backends save session info in various cache storages like memcache, redis, files, local cache, etc. Right now sessions built as a part of http protocol only, not user level. This relation is not possible out of the box if we want to have highly customizable framework :) Don’t worry, my english is ugly too ;) -- Alexandr Shurigin From: Vaal vaa...@gmail.com Reply: django-d...@googlegroups.com django-d...@googlegroups.com Date: 19 июня 2014 г. at 23:36:28 To: django-d...@googlegroups.com django-d...@googlegroups.com Subject: no relationship between session and user model Hello! There is a reason why in the framework (by default), there is no connection between the models user and session? I mean ForeignKey(to User) in Session model for example. This would be useful in a situation when the user changes the password, and we could remove all the sessions of that user. For example the user changes the password because he believes that pass has been compromised. But if the attacker was already has active session - it will not be interrupted. p.s. sorry for my English p.p.s. I understand that can modify the application sessions for their needs and make a new application or to find a ready-made. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com. To post to this group, send email to django-d...@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/8ac582df-e1f1-4619-863c-134cadefc405%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/848d8356-2614-4fc3-a20e-18b69786fda4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/etPan.53a31b45.836c40e.15a%40MacBook-Pro-dude.local. For more options, visit https://groups.google.com/d/optout.
