Re: django sessions

[Chetan Ganji]

Hii,

below answer might ring some bells.

https://stackoverflow.com/questions/2551933/django-accessing-session-variables-from-within-a-template

Cheers!

On Sat, Jul 6, 2019, 5:24 PM Luka Lelashvili 
wrote:

> Hello, how can I access session in my base.html? {% request.session.name
> %} doesn't work on base.html any clues?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/f9247737-44bd-4263-ace0-c1cf4d71fbde%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAMKMUjuLy%2BOSBHK_fX%3DRvoYsK0hzT1CY0NKfr8%2Bybk1Y_VMLfg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

django sessions

[Luka Lelashvili]

Hello, how can I access session in my base.html? {% request.session.name %} 
doesn't work on base.html any clues?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/f9247737-44bd-4263-ace0-c1cf4d71fbde%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Django sessions not configuration issues for Heroku/Redis

[jesse]

Hello, I'm having issues with Django sessions on Heroku/Redis.

I expect to be able to login and stay logged in. Instead, user will 
continually be logged out and sessions do not persist.

I posted more details on Stack Overflow 
here: 
https://stackoverflow.com/questions/52535488/django-sessions-not-working-on-heroku-redis

I've seen others experiencing this same issue.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/427ef46d-7af8-49e0-ae82-0eca25dd8483%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Django sessions configuration issues in production with Heroku/Redis

[jesse]

Hello, I'm having trouble configuring Django sessions to be persistent.

I expect a user to be able to log in on first try and then stay logged in. 
Currently, it takes multiple tries to login and then the user is logged 
out. Sessions are clearly not persisting.

I posted a bounty for this on Stack Overflow: 
https://stackoverflow.com/questions/52535488/django-sessions-not-working-on-heroku-redis

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/0872b074-9451-49a4-ab1c-6081593c3eec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Web Architect]

Hi,

Thanks for the approach. On our site, customers have option to do guest 
checkout wherein users can make a purchase without getting 
registered/signing up. We are still using session information for such 
users. Hence, the session is kind of combined for logged in and not logged 
in users. The challenge is to figured out the sessions for logged in users 
(atleast I am not aware of how to do that in Django).  
Typically in businesses, users (specifically the masses and who aren't that 
tech savvy) prefer a flow that's smooth and hassle free though security 
definitely becomes an important aspect. Hence, the challenge is to combine 
the both.

I would certainly look into the approach you have suggested. 

Thanks. 

On Monday, August 20, 2018 at 2:08:30 PM UTC+5:30, Michal Petrucha wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA512 
>
> On Fri, Aug 17, 2018 at 05:44:22AM -0700, Web Architect wrote: 
> > Hi, 
> > 
> > We are using persistent django sessions for our website where in the 
> > session information is stored in MySQL. Over last couple of years, the 
> > session data has grown to a huge number and we were planning to clean it 
> up. 
> > I know that there is a django management command 'clearsessions' and we 
> are 
> > using the same as a daily cronjob. 
> > But our challenge is we have long expiry timelines of like 100 years so 
> > that our users are never logged out (unless they clear their cookies 
> etc). 
> > Hence, the clearsessions won't help. 
> > 
> > The solution we are looking for are removing the sessions which are 
> never 
> > used for a long period. Let's say a user never came to our site for 3 
> > months after last logging in. We would like to purge those sessions. 
> Would 
> > really appreciate if anyone could suggest any such solution - be it in 
> > Django or if we need to custom build it. 
> > 
> > Thanks. 
>
> There is another de-facto standard solution to this problem, which 
> does not involve setting the session expiry to years – it's usually 
> referred to as “persistent authentication cookie”. That way, sessions 
> would expire after the usual short period of time, and it also makes 
> the persistent login feature optional for your users. 
>
> I haven't found a maintained package that would implement this for 
> Django applications, but you can find a bunch of material on this 
> topic. For example, this article seems to consider a lot of potential 
> attack vectors: 
>
> https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2
>  
>
> Michal 
> -BEGIN PGP SIGNATURE- 
> Version: GnuPG v1 
>
> iQIcBAEBCgAGBQJben3lAAoJEHA7T/IPM/klRiMQAKnoqOWIrbQDiDcaARde9jl+ 
> SuPfHZP/H44t7z610+CC2D03C4hps+7acQWslH2S+WFL/+VUJPqytGTWsAJbs12A 
> /R+UaIlwDGFMeRBw2xdDusZtbE4t+atGS5PPgr8hEW89/op9/DruSed1cVxoUiBp 
> pwNwBst+cieNhtBYpXBUCe8mRxRegc8xCz/pKRw9ZycszYgB4rTpDVwOFMmxPWuS 
> rKDRgMsXhYQskiGWi5oSHQ8xEgxBeGXdv3HnlwCm9TenXs1gfVQwbRhG4btivCUD 
> nzhpUTtHx3PP5/uDK0GM87MqB6ufuf7H/7QXgFKTWBZxSeOXwaxICsxYaG54DMld 
> hYxFk36RtjufWgcffQooBfw3eavtzAnPdjlZzEI3ZYj5fPx9agGJf177JAVSCovS 
> bppF1QbipuIfQlLyv7gee8bR6a6uLEQZ4vp9NHrfqWjXYqmIDxubnVB5B1/d6yvG 
> S9liRlkoGAWC9tTS5ig03QV1b4nBlJIonKIRBecrfJXHw3G2WojY8HAiSyyz9A4P 
> S/XcvOzK7dWsw/NUmx84GkR3SGfFeQor3bVWUeBhG6BBOjZq6cj+MHa2gZswIIYa 
> d6dHRCa4hyDwBLZDaEbI4EDbIkrY82L87PD9KW+0xbBYojwysQz8pL/3WHc8F1NL 
> 0VXYCCnD/4/LdzywjR21 
> =njLP 
> -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/fbcb5b75-de8b-43fb-a47e-5232b1c95212%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Web Architect]

Hi Avraham,

Thanks for the recommendation. Will take a look at the package. 

Thanks.

On Monday, August 20, 2018 at 1:00:03 PM UTC+5:30, Avraham Serour wrote:
>
> maybe something like this could be useful for your use case:
> https://pypi.org/project/django-session-timeout/
> it has an option for SESSION_EXPIRE_AFTER_LAST_ACTIVITY
>
>
> maybe this could also be useful for you: 
> https://django-session-security.readthedocs.io/en/latest/
>
>
>
> On Mon, Aug 20, 2018 at 8:34 AM Web Architect  > wrote:
>
>> Hi Jason,
>>
>> Thanks for your response.
>>
>> As mentioned in my earlier post...I have a long expiry date for the 
>> sessions (and hence, the cookies)  as we want our users to be always logged 
>> in or in session (till they clear their cookies). And that's what is 
>> causing the issue. 
>>
>> The goal is to keep the regular users logged in whereas flush out the non 
>> active users (even if their sessions haven't expired). Hence, was looking 
>> for a solution for the same. 
>>
>> Thanks.
>>
>> On Saturday, August 18, 2018 at 5:39:19 PM UTC+5:30, Jason wrote:
>>>
>>> With database sessions out of the box, no.
>>>
>>>
>>> https://github.com/django/django/blob/master/django/contrib/sessions/base_session.py
>>>
>>> You can see there are three attributes for a session model: key, data 
>>> and expire_date
>>>
>>> That said, since sessions are backed by browser cookies, django's 
>>> default is two weeks for session cookies as you can see at 
>>> https://docs.djangoproject.com/en/2.1/ref/settings/#std:setting-SESSION_COOKIE_AGE,
>>>  
>>> which are used here:  
>>> https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L225-L244
>>>
>>> So if you haven't altered that, all sessions expire in two weeks, and 
>>> you can just delete those expired sessions by using the clearsessions 
>>> management command 
>>> 
>>> .
>>>
>>> if you have changed that, then what Hemendra suggested above seems like 
>>> a reasonable approach, but one that is not backwards compatible if you 
>>> don't have a timestamp field for last access 
>>>
>>>
>>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-users...@googlegroups.com .
>> To post to this group, send email to django...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-users/4794450f-ad83-4a00-96e3-f354745b322b%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/c8c48fbf-e381-4867-ba7b-94e62c7dce1e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Michal Petrucha]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Fri, Aug 17, 2018 at 05:44:22AM -0700, Web Architect wrote:
> Hi,
> 
> We are using persistent django sessions for our website where in the 
> session information is stored in MySQL. Over last couple of years, the 
> session data has grown to a huge number and we were planning to clean it up.
> I know that there is a django management command 'clearsessions' and we are 
> using the same as a daily cronjob.
> But our challenge is we have long expiry timelines of like 100 years so 
> that our users are never logged out (unless they clear their cookies etc). 
> Hence, the clearsessions won't help. 
> 
> The solution we are looking for are removing the sessions which are never 
> used for a long period. Let's say a user never came to our site for 3 
> months after last logging in. We would like to purge those sessions. Would 
> really appreciate if anyone could suggest any such solution - be it in 
> Django or if we need to custom build it.
> 
> Thanks.

There is another de-facto standard solution to this problem, which
does not involve setting the session expiry to years – it's usually
referred to as “persistent authentication cookie”. That way, sessions
would expire after the usual short period of time, and it also makes
the persistent login feature optional for your users.

I haven't found a maintained package that would implement this for
Django applications, but you can find a bunch of material on this
topic. For example, this article seems to consider a lot of potential
attack vectors:
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2

Michal
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBCgAGBQJben3lAAoJEHA7T/IPM/klRiMQAKnoqOWIrbQDiDcaARde9jl+
SuPfHZP/H44t7z610+CC2D03C4hps+7acQWslH2S+WFL/+VUJPqytGTWsAJbs12A
/R+UaIlwDGFMeRBw2xdDusZtbE4t+atGS5PPgr8hEW89/op9/DruSed1cVxoUiBp
pwNwBst+cieNhtBYpXBUCe8mRxRegc8xCz/pKRw9ZycszYgB4rTpDVwOFMmxPWuS
rKDRgMsXhYQskiGWi5oSHQ8xEgxBeGXdv3HnlwCm9TenXs1gfVQwbRhG4btivCUD
nzhpUTtHx3PP5/uDK0GM87MqB6ufuf7H/7QXgFKTWBZxSeOXwaxICsxYaG54DMld
hYxFk36RtjufWgcffQooBfw3eavtzAnPdjlZzEI3ZYj5fPx9agGJf177JAVSCovS
bppF1QbipuIfQlLyv7gee8bR6a6uLEQZ4vp9NHrfqWjXYqmIDxubnVB5B1/d6yvG
S9liRlkoGAWC9tTS5ig03QV1b4nBlJIonKIRBecrfJXHw3G2WojY8HAiSyyz9A4P
S/XcvOzK7dWsw/NUmx84GkR3SGfFeQor3bVWUeBhG6BBOjZq6cj+MHa2gZswIIYa
d6dHRCa4hyDwBLZDaEbI4EDbIkrY82L87PD9KW+0xbBYojwysQz8pL/3WHc8F1NL
0VXYCCnD/4/LdzywjR21
=njLP
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/20180820083758.GS1181%40konk.org.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Avraham Serour]

maybe something like this could be useful for your use case:
https://pypi.org/project/django-session-timeout/
it has an option for SESSION_EXPIRE_AFTER_LAST_ACTIVITY


maybe this could also be useful for you:
https://django-session-security.readthedocs.io/en/latest/



On Mon, Aug 20, 2018 at 8:34 AM Web Architect  wrote:

> Hi Jason,
>
> Thanks for your response.
>
> As mentioned in my earlier post...I have a long expiry date for the
> sessions (and hence, the cookies)  as we want our users to be always logged
> in or in session (till they clear their cookies). And that's what is
> causing the issue.
>
> The goal is to keep the regular users logged in whereas flush out the non
> active users (even if their sessions haven't expired). Hence, was looking
> for a solution for the same.
>
> Thanks.
>
> On Saturday, August 18, 2018 at 5:39:19 PM UTC+5:30, Jason wrote:
>>
>> With database sessions out of the box, no.
>>
>>
>> https://github.com/django/django/blob/master/django/contrib/sessions/base_session.py
>>
>> You can see there are three attributes for a session model: key, data and
>> expire_date
>>
>> That said, since sessions are backed by browser cookies, django's default
>> is two weeks for session cookies as you can see at
>> https://docs.djangoproject.com/en/2.1/ref/settings/#std:setting-SESSION_COOKIE_AGE,
>> which are used here:
>> https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L225-L244
>>
>> So if you haven't altered that, all sessions expire in two weeks, and you
>> can just delete those expired sessions by using the clearsessions
>> management command
>> 
>> .
>>
>> if you have changed that, then what Hemendra suggested above seems like a
>> reasonable approach, but one that is not backwards compatible if you don't
>> have a timestamp field for last access
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/4794450f-ad83-4a00-96e3-f354745b322b%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAFWa6tK3vsiDj-zX62tNN9KMVbgd8wy4knEwL2BimYP_THfx9A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Web Architect]

Hi Jason,

Thanks for your response.

As mentioned in my earlier post...I have a long expiry date for the 
sessions (and hence, the cookies)  as we want our users to be always logged 
in or in session (till they clear their cookies). And that's what is 
causing the issue. 

The goal is to keep the regular users logged in whereas flush out the non 
active users (even if their sessions haven't expired). Hence, was looking 
for a solution for the same. 

Thanks.

On Saturday, August 18, 2018 at 5:39:19 PM UTC+5:30, Jason wrote:
>
> With database sessions out of the box, no.
>
>
> https://github.com/django/django/blob/master/django/contrib/sessions/base_session.py
>
> You can see there are three attributes for a session model: key, data and 
> expire_date
>
> That said, since sessions are backed by browser cookies, django's default 
> is two weeks for session cookies as you can see at 
> https://docs.djangoproject.com/en/2.1/ref/settings/#std:setting-SESSION_COOKIE_AGE,
>  
> which are used here:  
> https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L225-L244
>
> So if you haven't altered that, all sessions expire in two weeks, and you 
> can just delete those expired sessions by using the clearsessions 
> management command 
> 
> .
>
> if you have changed that, then what Hemendra suggested above seems like a 
> reasonable approach, but one that is not backwards compatible if you don't 
> have a timestamp field for last access 
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/4794450f-ad83-4a00-96e3-f354745b322b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Web Architect]

Hi Hemendra, 

Thanks for the workaround. Would look at it's feasibility in our existing 
scenario. 

Thanks.

On Saturday, August 18, 2018 at 3:58:10 PM UTC+5:30, HEMENDRA SINGH HADA 
wrote:
>
> Hi,
>
> I can suggest one thing it might be useful for you. For this you need to 
> create one more attribute in session table like *last activity,* which 
> will update every time when user is logged in and perform some action. 
> Write one middle-ware which will check the activity of each user and update 
> *last 
> activity *field in request repose cycle.
>
> I am not sure will this approach is acceptable for your current scenario.
>
> Thanks,
> Hemendra Singh
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/1c0d5eb4-cd3a-48ca-b2c8-23570c214537%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Mike Dewhirst]

On 18/08/2018 6:33 PM, Web Architect wrote:

Hi Mike,

Thanks for your response.

Ours is an ecommerce site and forcing logouts especially for our 
regular users, might not be desirable from business point of view .


I wasn't suggesting forcing logouts on a regular basis. I was thinking 
that doing so once would permit a clearing of the entire slate as you 
seemed to be thinking and only real users would create new sessions.


That might be appropriate after you implement one or other of the 
technical suggestions.


There is more to consider too. If it is an ecommerce site security is 
particularly important. Personally I wouldn't hesitate to let regular 
users know you have security at top-of-mind and that is behind any minor 
inconvenience. It might even be seen as a business bonus!







Hence, ideally we would like to keep sessions where users's last 
activity should be within a given time period like 3 months. We can 
force out the users who aren't active since last 3 months.


Is there a way to do that in django?

Thanks.

On Saturday, August 18, 2018 at 5:11:23 AM UTC+5:30, Mike Dewhirst wrote:

On 17/08/2018 10:44 PM, Web Architect wrote:
> Hi,
>
> We are using persistent django sessions for our website where in
the
> session information is stored in MySQL. Over last couple of
years, the
> session data has grown to a huge number and we were planning to
clean
> it up.
> I know that there is a django management command 'clearsessions'
and
> we are using the same as a daily cronjob.
> But our challenge is we have long expiry timelines of like 100
years
> so that our users are never logged out (unless they clear their
> cookies etc). Hence, the clearsessions won't help.
>
> The solution we are looking for are removing the sessions which are
> never used for a long period. Let's say a user never came to our
site
> for 3 months after last logging in. We would like to purge those
> sessions. Would really appreciate if anyone could suggest any such
> solution - be it in Django or if we need to custom build it.

What are the consequences of deleting all sessions and forcing a new
login for everyone?


>
> Thanks.
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from
it, send
> an email to django-users...@googlegroups.com 
> <mailto:django-users+unsubscr...@googlegroups.com >.
> To post to this group, send email to django...@googlegroups.com

> <mailto:django...@googlegroups.com >.
> Visit this group at https://groups.google.com/group/django-users
<https://groups.google.com/group/django-users>.
> To view this discussion on the web visit
>

https://groups.google.com/d/msgid/django-users/57001ae7-1361-43ed-98e3-a9ec072444fe%40googlegroups.com

<https://groups.google.com/d/msgid/django-users/57001ae7-1361-43ed-98e3-a9ec072444fe%40googlegroups.com>

>

<https://groups.google.com/d/msgid/django-users/57001ae7-1361-43ed-98e3-a9ec072444fe%40googlegroups.com?utm_medium=email_source=footer

<https://groups.google.com/d/msgid/django-users/57001ae7-1361-43ed-98e3-a9ec072444fe%40googlegroups.com?utm_medium=email_source=footer>>.

> For more options, visit https://groups.google.com/d/optout
<https://groups.google.com/d/optout>.

--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-users+unsubscr...@googlegroups.com 
<mailto:django-users+unsubscr...@googlegroups.com>.
To post to this group, send email to django-users@googlegroups.com 
<mailto:django-users@googlegroups.com>.

Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/a5867de1-730e-4d8c-93a1-0df41c65f595%40googlegroups.com 
<https://groups.google.com/d/msgid/django-users/a5867de1-730e-4d8c-93a1-0df41c65f595%40googlegroups.com?utm_medium=email_source=footer>.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/b9fad1b5-08d2-a931-7a07-2dd575a7122d%40dewhirst.com.au.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Jason]

With database sessions out of the box, no.

https://github.com/django/django/blob/master/django/contrib/sessions/base_session.py

You can see there are three attributes for a session model: key, data and 
expire_date

That said, since sessions are backed by browser cookies, django's default 
is two weeks for session cookies as you can see at 
https://docs.djangoproject.com/en/2.1/ref/settings/#std:setting-SESSION_COOKIE_AGE,
 
which are used here:  
https://github.com/django/django/blob/master/django/contrib/sessions/backends/base.py#L225-L244

So if you haven't altered that, all sessions expire in two weeks, and you 
can just delete those expired sessions by using the clearsessions 
management command 

.

if you have changed that, then what Hemendra suggested above seems like a 
reasonable approach, but one that is not backwards compatible if you don't 
have a timestamp field for last access 


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/b10c3784-10ea-496e-8e62-2a212a7e8238%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[HEMENDRA SINGH HADA]

Hi,

I can suggest one thing it might be useful for you. For this you need to 
create one more attribute in session table like *last activity,* which will 
update every time when user is logged in and perform some action. Write one 
middle-ware which will check the activity of each user and update *last 
activity *field in request repose cycle.

I am not sure will this approach is acceptable for your current scenario.

Thanks,
Hemendra Singh


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/61033f3d-18cd-4302-abfb-4e6614257e1e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Web Architect]

Hi Mike,

Thanks for your response. 

Ours is an ecommerce site and forcing logouts especially for our regular 
users, might not be desirable from business point of view . 

Hence, ideally we would like to keep sessions where users's last activity 
should be within a given time period like 3 months. We can force out the 
users who aren't active since last 3 months. 

Is there a way to do that in django?

Thanks.

On Saturday, August 18, 2018 at 5:11:23 AM UTC+5:30, Mike Dewhirst wrote:
>
> On 17/08/2018 10:44 PM, Web Architect wrote: 
> > Hi, 
> > 
> > We are using persistent django sessions for our website where in the 
> > session information is stored in MySQL. Over last couple of years, the 
> > session data has grown to a huge number and we were planning to clean 
> > it up. 
> > I know that there is a django management command 'clearsessions' and 
> > we are using the same as a daily cronjob. 
> > But our challenge is we have long expiry timelines of like 100 years 
> > so that our users are never logged out (unless they clear their 
> > cookies etc). Hence, the clearsessions won't help. 
> > 
> > The solution we are looking for are removing the sessions which are 
> > never used for a long period. Let's say a user never came to our site 
> > for 3 months after last logging in. We would like to purge those 
> > sessions. Would really appreciate if anyone could suggest any such 
> > solution - be it in Django or if we need to custom build it. 
>
> What are the consequences of deleting all sessions and forcing a new 
> login for everyone? 
>
>
> > 
> > Thanks. 
> > -- 
> > You received this message because you are subscribed to the Google 
> > Groups "Django users" group. 
> > To unsubscribe from this group and stop receiving emails from it, send 
> > an email to django-users...@googlegroups.com  
> > <mailto:django-users+unsubscr...@googlegroups.com >. 
> > To post to this group, send email to django...@googlegroups.com 
>  
> > <mailto:django...@googlegroups.com >. 
> > Visit this group at https://groups.google.com/group/django-users. 
> > To view this discussion on the web visit 
> > 
> https://groups.google.com/d/msgid/django-users/57001ae7-1361-43ed-98e3-a9ec072444fe%40googlegroups.com
>  
> > <
> https://groups.google.com/d/msgid/django-users/57001ae7-1361-43ed-98e3-a9ec072444fe%40googlegroups.com?utm_medium=email_source=footer>.
>  
>
> > For more options, visit https://groups.google.com/d/optout. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/a5867de1-730e-4d8c-93a1-0df41c65f595%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to delete least recently used not expired django sessions?

[Mike Dewhirst]

On 17/08/2018 10:44 PM, Web Architect wrote:

Hi,

We are using persistent django sessions for our website where in the 
session information is stored in MySQL. Over last couple of years, the 
session data has grown to a huge number and we were planning to clean 
it up.
I know that there is a django management command 'clearsessions' and 
we are using the same as a daily cronjob.
But our challenge is we have long expiry timelines of like 100 years 
so that our users are never logged out (unless they clear their 
cookies etc). Hence, the clearsessions won't help.


The solution we are looking for are removing the sessions which are 
never used for a long period. Let's say a user never came to our site 
for 3 months after last logging in. We would like to purge those 
sessions. Would really appreciate if anyone could suggest any such 
solution - be it in Django or if we need to custom build it.


What are the consequences of deleting all sessions and forcing a new 
login for everyone?





Thanks.
--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-users+unsubscr...@googlegroups.com 
<mailto:django-users+unsubscr...@googlegroups.com>.
To post to this group, send email to django-users@googlegroups.com 
<mailto:django-users@googlegroups.com>.

Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/57001ae7-1361-43ed-98e3-a9ec072444fe%40googlegroups.com 
<https://groups.google.com/d/msgid/django-users/57001ae7-1361-43ed-98e3-a9ec072444fe%40googlegroups.com?utm_medium=email_source=footer>.

For more options, visit https://groups.google.com/d/optout.


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/e396dbd3-8093-197c-17d6-882e757f73f4%40dewhirst.com.au.
For more options, visit https://groups.google.com/d/optout.

How to delete least recently used not expired django sessions?

[Web Architect]

Hi,

We are using persistent django sessions for our website where in the 
session information is stored in MySQL. Over last couple of years, the 
session data has grown to a huge number and we were planning to clean it up.
I know that there is a django management command 'clearsessions' and we are 
using the same as a daily cronjob.
But our challenge is we have long expiry timelines of like 100 years so 
that our users are never logged out (unless they clear their cookies etc). 
Hence, the clearsessions won't help. 

The solution we are looking for are removing the sessions which are never 
used for a long period. Let's say a user never came to our site for 3 
months after last logging in. We would like to purge those sessions. Would 
really appreciate if anyone could suggest any such solution - be it in 
Django or if we need to custom build it.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/57001ae7-1361-43ed-98e3-a9ec072444fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Using Django Sessions

[Derek Zeng]

You can have a flag in cart class to mark if things are cleared. Then in the 
__iter__ function, check the flag before getting the keys.

If you do this you also need to add the check in add/remove and others 
accordingly.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/a873da51-fe3b-4a75-ba40-7fe6d26fff31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Using Django Sessions

[Manu Febie]

Hello,

I am practicing for my college exams. I am building a Restaurant Order 
System with Django and I am using Django sessions for the first. I borrowed 
some ideas from the "Django by example".

Below you can find the MenuItem model and Order Model.

class MenuItem(models.Model):
   category = models.ForeignKey(Category, related_name='menu_items')
   # table ???
   name = models.CharField(max_length=255, db_index=True)
   slug = models.SlugField(max_length=255, db_index=True, default='')
   description = models.TextField(blank=True)
   image = models.ImageField(upload_to='menu_items/%Y/%m/%d', blank=True)
   price = models.DecimalField(max_digits=10, decimal_places=2)
   available = models.BooleanField(default=True)
   added_on = models.DateTimeField(auto_now_add=True)
   updated = models.DateTimeField(auto_now=True)


class Order(models.Model):
STATUS_CHOICES = (
('in behandeling', 'In behandeling'),
('klaar', 'Klaar')
)
# random_id = models.CharField(max_length=255)
table = models.ForeignKey(settings.AUTH_USER_MODEL)
item = models.ForeignKey(MenuItem, related_name='order_items')
price = models.DecimalField(max_digits=10, decimal_places=2)
quantity = models.PositiveIntegerField(default=1)
status = models.CharField(max_length=50, choices=STATUS_CHOICES, default='in 
behandeling')
paid = models.BooleanField(default=False)
timestamp = models.DateTimeField(auto_now_add=True)


Below you can find a Cart class which handles adding, removing, iterating 
etc. over the Menu Items using Django sessions. What I need is a function 
in this class that only clears the items I have in the cart, but I still 
need the total price. Right now I have the "clear" function which removes 
the entire cart from the session. But since I am kinda confused on how to 
do this I need some help. 

from decimal import Decimal
from django.conf import settings

from menu.models import MenuItem


class Cart:
   
   def __init__(self, request):
   self.session = request.session
   cart = self.session.get(settings.CART_SESSION_ID)
   if not cart:
   cart = self.session[settings.CART_SESSION_ID] = {}
   self.cart = cart

def add(self, menu_item, quantity=1, update_quantity=False):
   # Add a menu item to the cart or update its quantity
   menu_item_id = str(menu_item.id)

if menu_item_id not in self.cart:
   self.cart[menu_item_id] = {'quantity': 0,
  'price': str(menu_item.price)}
   
   if update_quantity:
   self.cart[menu_item_id]['quantity'] = quantity
   else:
   self.cart[menu_item_id]['quantity'] += quantity
   self.save()

def save(self):
   # Update the session cart
   self.session[settings.CART_SESSION_ID] = self.cart
   # Mark the session as "modified" to make sure its saved
   self.session.modified = True

def remove(self, menu_item):
   # Remove a product from the cart
   menu_item_id = str(menu_item.id)
   if menu_item_id in self.cart:
   del self.cart[menu_item_id]
   self.save()

def __iter__(self):
   # Iterate over the item in the cart and get the products from the DB
   menu_item_ids = self.cart.keys()
   # get thte product objects and add them to the cart
   menu_items = MenuItem.objects.filter(id__in=menu_item_ids)
   
   for menu_item in menu_items:
   self.cart[str(menu_item.id)]['menu_item'] = menu_item

for item in self.cart.values():
   item['price'] = Decimal(item['price'])
   item['total_price'] = item['price'] * item['quantity']
   yield item

def __len__(self):
   # Count all the items in the cart
   return sum(item['quantity'] for item in self.cart.values())

def get_total_price(self):
   return sum(Decimal(item['price']) * item['quantity'] for item in self
.cart.values())

def clear(self):
   # Remove cart from the session
   del self.session[settings.CART_SESSION_ID]
   self.session.modified = True

And below here you'll find the view that handles saving the items in the 
request cart in to the Order model. Instead of calling the cart.clear() 
function I need to call a function that removes the ordered items from the 
cart while still having the total price in this session.

@login_required
def create_order(request):
   cart = Cart(request)
   
   if request.method == 'POST':
   for item in cart:
   Order.objects.create(table=request.user,
item=item['menu_item'],
price=item['price'],
quantity=item['quantity'])
   cart.clear()
   return render(request, 'orders/order_success.html', {'cart': cart})
   
   return render(request, 'cart/cart_detail.html', {'cart': cart})

I hope my question is clear and someone can help me with this. 

-- 
You received this message because you are subscribed

Handle django sessions when doing file-operations

[sachin]

Hello guys,

Need your help again.

I m writing an app which does following file/dir operations: 

1. Create a directory
2. Untar contents of some tarballs into it.
3. Do some more file operations like create a new file, open it for 
appending more text, finally cose it(file content varies upon per-user 
selection).
4. Now copy this file to that directory where I have extracted tarballs.
5. Finally make a tarball of that directory and serve it for download.

Extraction of tarballs and file-content is dependent on user. So every user 
may have his/her own selections.
Previously I have used "response['Content-Disposition']" but then I had a 
single file to operate on. But now the complexity has changed.
So when multiple users select different content the app crashes as it gets 
confused. All the operation mentioned above is done in the directory 
called "temp" within the root of the project directory.

I need to handle this using django-sessions. I need some pointer/examples 
so that I can solve this issue.

More about this app: https://github.com/psachin/haqiba

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/c5e33aca-a82f-4d10-9004-558a9f2ed966%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

How to store an object in django sessions framework

[shiva krishna]

I have an django and i am trying to store an object in django session 
varaible, and trying to access that in the redirected view, but its showing 
`keyerror`  as below

def payment(request):
if request.method == 'POST':
form = CardForm(request.POST)
if form.is_valid():
data = form.cleaned_data
response = response_from_payment_gateway(data)
request.session['response'] = response
return 
HttpResponseRedirect(reverse('paygate:payment_success'))
else:
form = CardForm(initial={'number':'4242424242424242'})
return render_to_response('payment_form.html',{'form': form})


def PaymentSuccess(request):
print request.session['response'],"=>"
response = None
return render_to_response("payment_success.html", 
{'response':response}, context_instance=RequestContext(request))


**Result**

Internal Server Error: /payment/success/
Traceback (most recent call last):
  File 
"/home/Envs/app/local/lib/python2.7/site-packages/django/core/handlers/base.py",
 
line 115, in get_response
response = callback(request, *callback_args, **callback_kwargs)
  File "/home/user/virtualenvironment/apps/app/payment/views.py", line 
120, in PaymentSuccess
print request.session['response'],"=>"
  File 
"/home/Envs/app/local/lib/python2.7/site-packages/django/contrib/sessions/backends/base.py",
 
line 46, in __getitem__
return self._session[key]
KeyError: 'response'


So i am getting back a response object from the payment gateway that 
contains the transaction details, and i am trying to save that in `session 
framework variable` called `response` as above.

And i am trying to access the variable called `response` in the redirected 
view `PaymentSuccess` as `request.session['response']`, and getting the 
above mentioned error.

so how can we send/save the objects in the `sessions` in django ?

In above the response object will be of the following form 

{'status': 'SUCCESS', 'response':  JSON: {
  "amount": 100, 
  "amount_refunded": 0, 
  "balance_transaction": "txxxn_O", 
  "captured": true, 
 "currency": "usd", 
  "customer": null, 
  "description": null, 
}}

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: Django Sessions - HttpResponseRedirect

[M Oklah]

I saw that post and set request.session.modified = True before redirecting
in the view with no luck!

Any other ideas?

Thanks,

-Moe

On Sun, Jul 1, 2012 at 4:08 PM, Alagappan  wrote:

> I think someone has faced a similar issue as yours. Find more details at:
>
> http://stackoverflow.com/questions/6950077/session-id-changes-when-using-redirect-in-view
>
> Regards,
> Alagappan
>
> On Sun, Jul 1, 2012 at 6:19 PM, M Oklah  wrote:
>
>>
>> Hello,
>>
>> Why is it that the session id changes after a redirect is initiated from
>> a view function? This is basically the scenario, after the browser makes a
>> POST request to a custom login() view function, the view function
>> authenticates the user and redirects (302) the user back to a page, but the
>> redirect response from the server is instructing the browser to change the
>> session id. Is this the expected behavior? Please see the HTTP
>> Response/Redirect below..
>>
>> http://127.0.0.1:8000/guest/login/
>>
>> POST /guest/login/ HTTP/1.1
>> Host: 127.0.0.1:8000
>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0)
>> Gecko/20100101 Firefox/13.0.1
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> Accept-Language: en-us,en;q=0.5
>> Accept-Encoding: gzip, deflate
>> Connection: keep-alive
>> Referer: http://127.0.0.1:8000/
>> Cookie: csrftoken=waqBLcwTQXnnZHzSdpDkgyFh3IqcVMzY; *
>> sessionid=e658157220dfca598cb1ab271a28970f;*__utma=96992031.449557637.1341146315.1341146315.1341146315.1;
>> __utmb=96992031.2.10.1341146315; __utmc=96992031;
>> __utmz=96992031.1341146315.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
>> djdt=hide
>> Content-Type: application/x-www-form-urlencoded
>> Content-Length: 94
>> csrfmiddlewaretoken=waqBLcwTQXnnZHzSdpDkgyFh3IqcVMzY=X=X=38=6
>>
>>
>>
>> HTTP/1.0 302 FOUND
>> Date: Sun, 01 Jul 2012 12:39:23 GMT
>> Server: WSGIServer/0.1 Python/2.7.1
>> Vary: Accept-Language, Cookie
>> X-Frame-Options: SAMEORIGIN
>> Content-Type: text/html; charset=utf-8
>> Location: http://127.0.0.1:8000/
>> Content-Language: en-us
>> Set-Cookie: *sessionid=e6a5292ff37521bc223840a3b5da8acb;* expires=Sun,
>> 15-Jul-2012 12:39:23 GMT; httponly; Max-Age=1209600; Path=/
>>
>>
>>
>> Thanks,
>>
>> -Moe
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To post to this group, send email to django-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> django-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Django Sessions - HttpResponseRedirect

[M Oklah]

Hello,

Why is it that the session id changes after a redirect is initiated from a
view function? This is basically the scenario, after the browser makes a
POST request to a custom login() view function, the view function
authenticates the user and redirects (302) the user back to a page, but the
redirect response from the server is instructing the browser to change the
session id. Is this the expected behavior? Please see the HTTP
Response/Redirect below..

http://127.0.0.1:8000/guest/login/

POST /guest/login/ HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0)
Gecko/20100101 Firefox/13.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://127.0.0.1:8000/
Cookie: csrftoken=waqBLcwTQXnnZHzSdpDkgyFh3IqcVMzY; *
sessionid=e658157220dfca598cb1ab271a28970f;*__utma=96992031.449557637.1341146315.1341146315.1341146315.1;
__utmb=96992031.2.10.1341146315; __utmc=96992031;
__utmz=96992031.1341146315.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
djdt=hide
Content-Type: application/x-www-form-urlencoded
Content-Length: 94
csrfmiddlewaretoken=waqBLcwTQXnnZHzSdpDkgyFh3IqcVMzY=X=X=38=6



HTTP/1.0 302 FOUND
Date: Sun, 01 Jul 2012 12:39:23 GMT
Server: WSGIServer/0.1 Python/2.7.1
Vary: Accept-Language, Cookie
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Location: http://127.0.0.1:8000/
Content-Language: en-us
Set-Cookie: *sessionid=e6a5292ff37521bc223840a3b5da8acb;* expires=Sun,
15-Jul-2012 12:39:23 GMT; httponly; Max-Age=1209600; Path=/



Thanks,

-Moe

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Hooking into Django Sessions

[Tom Evans]

On Mon, May 7, 2012 at 7:48 AM, M Oklah  wrote:
>
> Hello,
>
> Is it possible to hook into Django so that a user defined callback method is
> executed each time a session expires?
>
>
> Thanks,
>
> -Moe
>

Yes/no/maybe. Depends what you want to do.

First of all, nothing happens when sessions 'expire'. I say 'expire',
because nothing actually changes. The session has an expiry date, and
when you try to use a session after its expiry date has passed, you
will get a new session.

Another thing to note is that Django does not clean expired sessions
by default. Expired sessions will live forever* in the backend. Django
provides a management command that you can run that cleans expired
sessions from the session backend.

If you use the database session backend however, then sessions are
simply models. You can attach signals to model deletion, and if you
clean your session backend frequently, then your signal will get
called for each expired session.

It won't happen the moment your session expires, only when the session
is deleted. That might be enough for you, it might not.

Cheers

Tom

* Not forever. Until a new session key collides with an existing
(expired) session.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Hooking into Django Sessions

[M Oklah]

Hello,

Is it possible to hook into Django so that a user defined callback method
is executed each time a session expires?


Thanks,

-Moe

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Django sessions issue

[aa56280]

> You better show some code now...

My urls.py has the following entry:
(r'^accounts/logout/$', 'django.contrib.auth.views.logout',
{'next_page' : '/'})

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Django sessions issue

[Tom Evans]

On Fri, Jun 4, 2010 at 8:45 PM, aa56280  wrote:
>> How are you logging out? Are you sure you are calling
>> django.contrib.auth.logout() ?
>
> Yup, I'm calling django.contrib.auth.views.logout()
>

You better show some code now...

Cheers

Tom

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Django sessions issue

[aa56280]

> How are you logging out? Are you sure you are calling
> django.contrib.auth.logout() ?

Yup, I'm calling django.contrib.auth.views.logout()

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Django sessions issue

[Tom Evans]

On Thu, Jun 3, 2010 at 9:06 PM, aa56280  wrote:
> Django's docs say: "When a user logs in, Django adds a row to the
> django_session database table. Django updates this row each time the
> session data changes. If the user logs out manually, Django deletes
> the row. But if the user does not log out, the row never gets
> deleted."
>
> I'm logging out of my app but I notice that the row DOES NOT get
> deleted. Is there something I'm missing here?
>

How are you logging out? Are you sure you are calling
django.contrib.auth.logout() ?

Cheers

Tom

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Django sessions issue

[aa56280]

Django's docs say: "When a user logs in, Django adds a row to the
django_session database table. Django updates this row each time the
session data changes. If the user logs out manually, Django deletes
the row. But if the user does not log out, the row never gets
deleted."

I'm logging out of my app but I notice that the row DOES NOT get
deleted. Is there something I'm missing here?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Django Sessions / Multidimensional List

[Rama Vadakattu]

please have a look at this section
http://docs.djangoproject.com/en/dev/topics/http/sessions/#when-sessions-are-saved

--rama

On Jul 2, 2:15 am, bjoern_mainz  wrote:
> Hi,
>
> what i try do do is (in plain python):
>
> products = []
> products.append({"product" : "foo","quantity": 5})
> products.append({"product": "foz","quantity": 1})
>
> ---Django---
>
> def add_to_basket(request):
>
>         if not 'products' in request.session:
>                 request.session['products']=[]
>
>         product = {}
>         for k,v in request.POST.items():
>                 product[k]=v
>
>         request.session['products'].append(product)
>
>         return render_to_response('addtobasket.html', {'products':
> request.session['products']})
>
> ---/Django---
>
> This is not working as i expected it.
>
> Just two elements are added. When trying to add a third element - the
> second one is overwritten.
>
> i am using OS X 10.5, Python 2.5 and Django 1.0.2
>
> Thx a lot,
>
> Bjoern
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Django Sessions / Multidimensional List

[bjoern_mainz]

Hi,

what i try do do is (in plain python):

products = []
products.append({"product" : "foo","quantity": 5})
products.append({"product": "foz","quantity": 1})

---Django---

def add_to_basket(request):

if not 'products' in request.session:
request.session['products']=[]

product = {}
for k,v in request.POST.items():
product[k]=v

request.session['products'].append(product)

return render_to_response('addtobasket.html', {'products':
request.session['products']})

---/Django---

This is not working as i expected it.

Just two elements are added. When trying to add a third element - the
second one is overwritten.

i am using OS X 10.5, Python 2.5 and Django 1.0.2

Thx a lot,

Bjoern


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---