Joomla Session Variables - django

In Django there is a method called getContext, which retrieves session data, template vars, and everything in the correct "context".
I am now programming in Joomla, and making some components and for debugging I am looking for a way to see all the session vars. Just to look at them and see what is available during specific requests. So, I have searched the api and I know how to get stuff out of the session by keyword, but nothing to see all session store vars.
Any Ideas?

get the session or you can get all session $_SESSION or via session table of joomla else you can get by session name using $session->get();
$session =& JFactory::getSession();
for get user session
$session->get('user');
for set any session
$session->set('user',$user);

Related

Is possible to set protected cookie to Electron JS app?

I have an Electron application and I use a webview to login google to use some functions of a website. Each user can login with him account and will have his functions. When they login, a cookie has ben set to keep the session. But when I logout from this user and login with another in my application, the cookie continues set. I try to use store to save al user cookies but when I try to set them again I've seen that there are a protected Cookie called "__Host-GAPS".
As I read all cookies starting with "__Host" and "__Secure" are protected and only can be initialized without domain. But I need the domain, because the original cookie has it, and if I don't put it, I lose the session. When I put the domain I receive this error: "Failed to parse cookie".
I also tried to create a session from partition, but the cookies never saves on this new session, always on the default session.
I create a new BrowserWindow setting the partition session on webPreferences.
Can anyone helps me? Which is the best way to separate the cookies of each user? How can I restore protected cookies?
Thank you
Finally I found the solution. The best way to do this is to use partition in the webview. I use the next code:
<webview id="myWebview" style="height: 600px;" src="https://website.com" partition="getPartition()"></webview>
Where getPartition() function returns 'perist:' + userToken.

Run method on session expire Django

I'm using session to store an object id and its description, this instance should be blocked to all other users while it is beign used in someone's session, and I would like to release the user object once he closes the browser, now I'm aware there is a configuration to expire sessions on browser close, I was just wandering if there is any entry point where I could add some custom code
What I'm trying to achieve is something like
def OnSessionExpire(???):
#release my objects
I've searched around but found no answer, can someone lay a help here? I'm using the backend session mode
Thank you !
Django doesn't do anything at all when the browser closes. Django doesn't even know - how can it: the only time Django knows anything about what you do in the browser is when you make a request to the server, but closing the browser is the opposite of making a request.
Session expiry on browser close is an attribute of the session cookie, not anything that Django does. It just means that the cookie is set with a flag that tells the browser not to persist it when it closes. The actual session data remains in Django's session store, and will do until you explicitly clear it, but is not accessible because the cookie has been removed.
So, the upshot of that is that there is no way to tell explicitly when a session ends. The only thing you can do is to send regular keepalive signals - eg via Ajax - while the session is open, and taken an action if you haven't seen any for a while.

How to secure local storage and clear it on browser close in ember-simple-auth?

I am using ember-simple-auth for authentication in my ember-cli application. It seems that ember-simple-auth is storing the session in local storage which doesn't seem to be secure.
I have following two questions:
I can see the session data and also able to modify it. How do I
secure this session data?
How do I clear this storage on browser close? My session and it's data are still active after I close and reopen the browser.
Thanks.
1) you cannot "secure" that data. You could encrypt it but that would be pointless as the encryption/decryption code would be open to the user as is all the other JS code of your app
2) if you don't want the session to be persisted you could either use the ephemeral store (in that case the session wouldn't survive a page reload though and you'd lose tab/window synchronization) or you could use the cookie based store which uses a session cookie by default that's deleted when the browser is closed.

why cookie is set in response but session in request?

I know how session and cookies work. I am doing an online course on django where a function for setting language preference in session and cookie is written in views.py. I do not understand why cookie is set on response but session on request. The instructor mentioned it works the same in PHP or any other web framework.
but he did not explain why? can some one explain why?
Here is the function:
def language(request,language=“en-us”):
response=HttpResonse(“setting language to %s” %language)
response.set_cookie(‘lang’,language)
request.session[‘lang’]=language
return response
I will talk about Java but it shall be similar in django. Session attributes are accesible in servlets and jsp in similar way like request parameters. You can look at it like server side stored request parameters. Some frameworks like JSF even use request scope to store session variable. So basicly you can look at session as request decorator which puts value stored in web container.

A signal that a session has been created ? [for anonymous user]

I can't seem to find the the signal that tie with a 'session created' .
I'm aware of auth signals , but what i want is to populate a session variable for anonymous users.
What am i missing ?
Thanks in Advance
To store a session variable for anonymous users, you can do something as simple as request.session['something'] = True (or whatever value you want) in the appropriate view. And if you're trying to see if you've seen an anonymous user before, you can just test for the existence of the 'something' key.
Under the hood, django handles cookie setting and creates a session for an anonymous user if you modify the session variable. If the anonymous user already has a session, it simply records the modified state.
Take a look at the session docs: https://docs.djangoproject.com/en/dev/topics/http/sessions/ for more details. It's pretty sophisticated.
Finally, don't forget to clean expired sessions periodically with ./manage.py clearsessions if sessions are stored in a persistent store.