Re: [Django] #35806: Allow the user to list and delete their sessions

Tue, 01 Oct 2024 07:22:13 -0700 

#35806: Allow the user to list and delete their sessions
----------------------------------+--------------------------------------
     Reporter:  Paolo Melchiorre  |                    Owner:  (none)
         Type:  New feature       |                   Status:  closed
    Component:  contrib.sessions  |                  Version:  dev
     Severity:  Normal            |               Resolution:  wontfix
     Keywords:                    |             Triage Stage:  Unreviewed
    Has patch:  0                 |      Needs documentation:  0
  Needs tests:  0                 |  Patch needs improvement:  0
Easy pickings:  0                 |                    UI/UX:  0
----------------------------------+--------------------------------------
Changes (by Natalia Bidart):

 * resolution:   => wontfix
 * status:  new => closed

Comment:

 Hello Paolo! Thank you for taking the time to create this report
 requesting a new feature.

 The [https://docs.djangoproject.com/en/stable/internals/contributing/bugs-
 and-features/#requesting-features documented guidelines for requesting
 features] require seeking and gaining community consensus before accepting
 a ticket for a New Feature. Because of that, the recommended path forward
 is to first propose and discuss the idea with the community by starting a
 new conversation on the [https://forum.djangoproject.com/c/internals/5
 Django Forum].

 I'll close the ticket for now, but if the community agrees with the
 proposal, please return to this ticket and reference the forum discussion
 so we can re-open it.

 Personally, I feel that a feature like the one described is risky because:

 1. The information suggested to be recorded (IP address, device ID,
 country, etc.) are all part of PII which has to be treated with great care
 and must follow the regulations of various countries and regions.
 2. This would greatly increase the chance of receiving security reports,
 even if not all are valid, it would highly increase the workload for the
 Security Team.

 Achieving this feature correctly feels very complex and challenging. At
 the very least I think we should have this as a new 3rd party app to have
 an idea of usage, acceptance, and implementation details.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/35806#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107019248757737-7607d15b-cc18-4685-b49c-9b9699cfeae3-000000%40eu-central-1.amazonses.com.

Reply via email to