I can't seem to find the the signal that tie with a 'session created' .
I'm aware of auth signals , but what i want is to populate a session variable for anonymous users.
What am i missing ?
Thanks in Advance
To store a session variable for anonymous users, you can do something as simple as request.session['something'] = True (or whatever value you want) in the appropriate view. And if you're trying to see if you've seen an anonymous user before, you can just test for the existence of the 'something' key.
Under the hood, django handles cookie setting and creates a session for an anonymous user if you modify the session variable. If the anonymous user already has a session, it simply records the modified state.
Take a look at the session docs: https://docs.djangoproject.com/en/dev/topics/http/sessions/ for more details. It's pretty sophisticated.
Finally, don't forget to clean expired sessions periodically with ./manage.py clearsessions if sessions are stored in a persistent store.
Related
I am designing a REST app in django, which I intend people to use without a browser (just direct API calls with curl or whatnot). I have several different views where I want to pull in information about the session based on values that may have been a acquired from previous calls to other views. It seems that every time a view is called the "request" object passed in is an entirely new session, so I'm wondering how I can persist values the "correct" way?
Example code:
def login(request):
...
##I want to assign a token value to this session that is persisted to the entity requesting it
request.session['token'] = response.json()['auth']
...
def grabSomeValues(request):
...
##I want to grab the session token value in here but of course the request object in the case is a completely new one that does not have that token value it seems
print(request.session['token']
....
I think Middleware would help you.
The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis.
https://docs.djangoproject.com/en/2.2/topics/http/sessions/
How can I change the session key used by a django session? I'd like to support multiple simultaneous sessions in the same browser by specifying an ID in the URL and then incorporating that ID in the session key.
I've tried simply:
request.session.session_key += key
But I get an AttributeError saying that I "can't set attribute".
You could achieve this by writing your own SessionMiddleware (based of Django's django.contrib.sessions.middleware.SessionMiddleware) which supports looking up and storing multiple seperate sessions linked to the same user.
Have a look at the source of the SessionMiddlware, it seems that it quite simply gets a cookie by the name of 'sessionid' (by default), creates a enging.SessionStore instance and stores it as a 'session' attribute of the request instance.
You could theoretically do the same only getting/setting your own cookie names (i.e postfixed with the identifier passed in the request params), and store it in your own attribute (i.e request.custom_sessions) and then be able to use it wherever a request instance is available.
When a new user is created, I want to retain some of the information in their session
e.g. things a user has stored in their session I want to use once they have registered (or logged in).
I would use either a post_save signal on the user model (or an auth login signal), but it appears that the signals don't put the request, or session into the signal sent. It also seems I can't easily get the session from just the user.
I'm using Django 1.4
Edit: let me give an example.
The problem boils down to this - I may want to retain information for a user's activities before they login, but where do I store this information before they login? A good place would be a session (or I could link the data held in a db to the session, using the session a little like a makeshift user).
In any case, until they login, I can simply use their session like a user credential, and store information that persists so long as their cookie does (how else can could I reliably track an anonymous user?).
But once they register (or log-in), I want to move that information from the session, into the account properly. One good reason is that it would make sense to delete data from anonymous users periodically, whereas registered user's data would be persisted.
To do this I simply want access to the session (could be via the request) from a handler to the new-user signal, so I can make a one-off transfer from data in the session. But the new-user signal doesn't hold the session (or request).
If you're using django.contrib.sessions and django.contrib.auth for the job, the session data should be retained automatically after login.
Moreover, the user_logged_in signal is sent along with request actually.
Edit:
So use user_logged_in signal. It carries request. Pick some specific key to store unauthenticated user's data (e.g. "_anonymous_data"). If that key is set on request.session while handeling signal, simply rewrite data on request.user.get_profile() object, call save and del request.session["_anonymous_data"].
The code to retreive it could look something like:
if request.user.is_authenticated():
user_data = request.user.get_profile()
else:
user_data = requerst.session["_anonymous_data"]
It's only a scratch of course. You don't want to hardcode session keys or write such logic in views. If you need it application wide, embed it in some abstraction class which takes request in __init__.
you could try using sessions:
https://docs.djangoproject.com/en/dev/topics/http/sessions/?from=olddocs
In Django there is a method called getContext, which retrieves session data, template vars, and everything in the correct "context".
I am now programming in Joomla, and making some components and for debugging I am looking for a way to see all the session vars. Just to look at them and see what is available during specific requests. So, I have searched the api and I know how to get stuff out of the session by keyword, but nothing to see all session store vars.
Any Ideas?
get the session or you can get all session $_SESSION or via session table of joomla else you can get by session name using $session->get();
$session =& JFactory::getSession();
for get user session
$session->get('user');
for set any session
$session->set('user',$user);
How can I do this
request.session['key'] = 'value'
for the user which user_id is 47?
Keep in mind that I'm not currently logged in with that user, I want to do it in shell.
See the section of the Session docs entitled "Using sessions out of views".
The problem though is that Django doesn't store the user with the session (by design, for security purposes). So the only way to retrieve a session is through it's key. That key is stored with the user's client and passed to the server to associate the session with the logged in user. In other words, you're going to have a hard time determining which session belongs to which user.
More to the point, the session data is actually encrypted in the database as well, so there's not even any way to query directly for the user id stored in it. The following will work, but you'll have to query each session one by one to get the right user. Depending on how many sessions your database currently has, this could be extremely expensive. Mark as USE AT YOUR OWN RISK
from django.contrib.sessions.models import Session
from django.contrib.sessions.backends.db import SessionStore
for session in Session.objects.all():
data = SessionStore().decode(session.session_data)
if data.get('_auth_user_id') == user_id_you_want:
user_session = SessionStore(session_key=session.session_key)
# you can modify the session data here like normal, then:
user_session.save()
The answer depends entirely on the session storage/engine you're using.
So, the generic answer would be: Wherever the session is being stored, modify it there.
For the database backend: UPDATE django_session SET session_data=[whatever] WHERE session_key=[whatever];
You'll also need the session key and the AES key stored in the client browser.
Alternatively, send them to a controller that updates the session.