Re: no relationship between session and user model

2014-06-19 Thread Vladimir Ulupov (Vaal)
You are right about my question. Next time I will read the release notes 
carefully. Thx!

On Thursday, June 19, 2014, 21:34:02 UTC+4, Aymeric Augustin wrote:
>
> Previous answers explain why the sessions API makes it impossible to 
> create a FK from Session to User. However, it looks like this isn't the 
> question you wanted to ask.
>
> Your real question seems to be: "how can I invalidate sessions on password 
> change?" Fortunately, Django 1.7 includes a new middleware for this purpose.
>
>
> https://docs.djangoproject.com/en/dev/ref/middleware/#django.contrib.auth.middleware.SessionAuthenticationMiddleware
>
> -- 
> Aymeric.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To post to this group, send email to django-developers@googlegroups.com.
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/c4fbf21e-852f-4dca-b3e8-b2e7df225a2f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: no relationship between session and user model

2014-06-19 Thread Ramiro Morales
On Thu, Jun 19, 2014 at 1:07 PM, Vaal wrote:

> This would be useful in a situation when the user changes the password, and
> we could remove all the sessions of that user.
> For example, the user changes the password because he believes that the pass
> has been compromised. But if the attacker already has an active session - it
> will not be interrupted.
>

Django 1.7 changes this. See

https://docs.djangoproject.com/en/1.7/topics/auth/default/#session-invalidation-on-password-change

Regards,

-- 
Ramiro Morales
@ramiromorales



Re: no relationship between session and user model

2014-06-19 Thread Aymeric Augustin
Previous answers explain why the sessions API makes it impossible to create
a FK from Session to User. However, it looks like this isn't the question
you wanted to ask.

Your real question seems to be: "how can I invalidate sessions on password
change?" Fortunately, Django 1.7 includes a new middleware for this purpose.

https://docs.djangoproject.com/en/dev/ref/middleware/#django.contrib.auth.middleware.SessionAuthenticationMiddleware

-- 
Aymeric.
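
The general idea behind invalidating sessions on a password change without any Session-to-User link, as an added sketch that is not part of the original message and is not Django's code: each session stores a keyed digest of the user's stored password hash and is rejected once that digest no longer matches. All names (SECRET_KEY, User, SESSIONS and the functions) are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for the site's secret key
SESSIONS = {}  # session key -> session data; any storage backend would do


class User:
    def __init__(self, username, password):
        self.username = username
        self.set_password(password)

    def set_password(self, raw):
        # Salted PBKDF2: the stored value changes on every password change.
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", raw.encode(), salt, 10_000)
        self.password = salt.hex() + "$" + digest.hex()

    def session_auth_hash(self):
        # Keyed digest of the stored password hash, safe to keep in session data.
        return hmac.new(SECRET_KEY, self.password.encode(), hashlib.sha256).hexdigest()


def login(user):
    key = secrets.token_urlsafe(32)
    SESSIONS[key] = {"user": user.username, "auth_hash": user.session_auth_hash()}
    return key


def authenticate_request(key, users):
    """Return the session's user, or None (flushing the session) if it is stale."""
    data = SESSIONS.get(key)
    if data is None:
        return None
    user = users.get(data["user"])
    if user is None or not hmac.compare_digest(data["auth_hash"], user.session_auth_hash()):
        SESSIONS.pop(key, None)  # password changed since this session logged in
        return None
    return user


def change_password(user, new_password, current_key):
    user.set_password(new_password)
    # Re-stamp only the session that made the change so it stays logged in.
    SESSIONS[current_key]["auth_hash"] = user.session_auth_hash()


def demo_password_change():
    alice = User("alice", "old-password")
    users = {"alice": alice}
    laptop, other = login(alice), login(alice)  # 'other' is a session the owner does not control
    valid_before = authenticate_request(other, users) is alice
    change_password(alice, "new-password", laptop)
    return (
        valid_before,
        authenticate_request(laptop, users) is alice,
        authenticate_request(other, users) is None,
        other in SESSIONS,
    )
```

Because the check needs only the session's own data and the user record, it works with cache, file and cookie storage as well as with the database.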



Re: no relationship between session and user model

2014-06-19 Thread Alexandr Shurigin
Take a look at https://pypi.python.org/pypi/django-user-sessions, please.

Looks like what you need.

-- 
Alexandr Shurigin


Re: no relationship between session and user model

2014-06-19 Thread Alexandr Shurigin
Other storages don’t need it.

cached_db inherits DbStorage 
https://github.com/django/django/blob/master/django/contrib/sessions/backends/cached_db.py#L17

and of course has implemented the same clear_expired.

signed_cookies uses cookie expiry, I think (not checked).

and cache storages use caching expiry features.

I think a dependency on user_id must not be in core; not all storages can 
simply implement an API (find all sessions of a user, for example) for this 
feature (file-based sessions, for example: you would need to process all 
sessions or use some type of meta file with dependencies). This is an 
application-level feature, not a framework one. I think you can simply 
implement your own session database backend with this feature included (don’t 
forget to change user_id on user login/logout) and share it with the community 
if nobody has done it already :)

-- 
Alexandr Shurigin
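
A database session store with an indexed user_id column, as suggested in the message above; this is an added example, not code from the thread, from Django or from django-user-sessions. The class and method names are hypothetical, and sqlite3 stands in for the database backend.

```python
import secrets
import sqlite3
import time


class UserIndexedSessionStore:
    """Database-backed sessions with a nullable, indexed user_id column."""

    def __init__(self, conn):
        self.conn = conn
        conn.execute(
            "CREATE TABLE IF NOT EXISTS session ("
            " session_key TEXT PRIMARY KEY,"
            " user_id INTEGER,"  # NULL while the visitor is anonymous
            " expire_at REAL NOT NULL)"
        )
        conn.execute("CREATE INDEX IF NOT EXISTS session_user ON session (user_id)")

    def _insert(self, user_id, ttl):
        key = secrets.token_urlsafe(32)
        self.conn.execute(
            "INSERT INTO session VALUES (?, ?, ?)", (key, user_id, time.time() + ttl)
        )
        return key

    def create(self, ttl=3600):
        return self._insert(None, ttl)

    def login(self, old_key, user_id, ttl=3600):
        # Rotate the key on login and record the owner of the new session.
        self.logout(old_key)
        return self._insert(user_id, ttl)

    def logout(self, key):
        self.conn.execute("DELETE FROM session WHERE session_key = ?", (key,))

    def user_for(self, key):
        row = self.conn.execute(
            "SELECT user_id FROM session WHERE session_key = ? AND expire_at > ?",
            (key, time.time()),
        ).fetchone()
        return row[0] if row else None

    def revoke_user_sessions(self, user_id, keep=None):
        """Delete every session of user_id except `keep`; return how many."""
        cur = self.conn.execute(
            "DELETE FROM session WHERE user_id = ? AND session_key IS NOT ?",
            (user_id, keep),
        )
        return cur.rowcount


def demo_revoke():
    store = UserIndexedSessionStore(sqlite3.connect(":memory:"))
    laptop = store.login(store.create(), user_id=7)
    other = store.login(store.create(), user_id=7)  # a session the owner does not control
    bystander = store.login(store.create(), user_id=8)
    revoked = store.revoke_user_sessions(7, keep=laptop)  # on password change
    return revoked, store.user_for(laptop), store.user_for(other), store.user_for(bystander)
```

The index on user_id is what makes "find all sessions of a user" a single query here; a file or cache backend has no equivalent lookup, which is the limitation the message describes.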



Re: no relationship between session and user model

2014-06-19 Thread Vladimir Ulupov (Vaal)

>
> This relation is not possible out of the box if we want to have a highly 
> customizable framework :)

But backends already have differences.
For example: only two implement a clear_expired method 
https://github.com/django/django/blob/master/django/contrib/sessions/backends/file.py#L190
https://github.com/django/django/blob/master/django/contrib/sessions/backends/db.py#L81

How would such a relationship limit customizability? Btw, maybe it could be an option...





Re: no relationship between session and user model

2014-06-19 Thread Alexandr Shurigin
Interesting question. Really, Django provides a few session backends by default 
and only 2 of them store any session info in the database (db, cached_db). All 
other backends save session info in various cache storages like memcache, 
redis, files, local cache, etc. Right now sessions are built as a part of the 
HTTP protocol only, not at the user level.

This relation is not possible out of the box if we want to have a highly 
customizable framework :)

Don’t worry, my English is ugly too ;)

-- 
Alexandr Shurigin



no relationship between session and user model

2014-06-19 Thread Vaal
Hello!
Is there a reason why in the framework (by default) there is no connection 
between the user and session models?
I mean a ForeignKey (to User) in the Session model, for example.

This would be useful in a situation when the user changes the password, and 
we could remove all the sessions of that user.
For example, the user changes the password because he believes that the pass 
has been compromised. But if the attacker already has an active session - it 
will not be interrupted.

p.s. sorry for my English
p.p.s. I understand that one can modify the sessions application for one's 
needs and make a new application, or find a ready-made one.
