django-qsessions is a session backend for Django that extends Django's cached_db session backend
and Session model to add following features:
- Sessions have a foreign key to User
- Sessions store IP and User Agent
Here is a brief comparison between Django's session backends (db, cache, cached_db), django-user-sessions, and django-qsessions.
| db | cache | cached_db | django-user-sessions | django-qsessions | |
|---|---|---|---|---|---|
| Better Performance | ✔✔ | ✔ | ✔ | ||
| Persistent | ✔ | ✔ | ✔ | ✔ | |
| Foreign Key to User | ✔ | ✔ | |||
| Store IP and User Agent | ✔ | ✔ |
| Python version | Django versions |
|---|---|
| 3.6 | 2.0, 1.11, 1.10 |
| 3.5 | 2.0, 1.11, 1.10 |
| 3.4 | 2.0, 1.11, 1.10 |
| 2.7 | 1.11, 1.10 |
Please note that if your system is in production and there are lots of active sessions using another session backend, you need to migrate them manually. We have no migration script.
First, make sure you've configured your cache. If you have multiple caches defined in
CACHES, Django will use the default cache. To use another cache, setSESSION_CACHE_ALIASto the name of that cache.Install the latest version from PyPI:
pip install django-qsessions
In settings:
- In
INSTALLED_APPSreplace'django.contrib.sessions'with'qsessions'. - In
MIDDLEWAREorMIDDLEWARE_CLASSESreplace'django.contrib.sessions.middleware.SessionMiddleware'with'qsessions.middleware.SessionMiddleware'. - Set
SESSION_ENGINEto'qsessions.backends.cached_db'.
- In
Run migrations to create
qsessions.models.Sessionmodel.python manage.py migrate qsessions
For enabling location detection using GeoIP2 (session.location):
Install
geoip2package:pip install geoip2
Set
GEOIP_PATHto a directory for storing GeoIP2 database.Run the following command to download latest GeoIP2 database. You can add this command to a cron job to update GeoIP2 DB automatically.
python manage.py download_geoip_db
django-qsessions has a custom Session model with following fields:
user, user_agent, created_at, updated_at, ip.
Getting a user's sessions:
user.session_set.filter(expire_date__gt=timezone.now())Deleting a session:
# Deletes session from both DB and cache
session.delete()Logout a user:
for session in user.session_set.all():
session.delete()Session creation time (user login time):
>>> session.created_at
datetime.datetime(2018, 6, 12, 17, 9, 17, 443909, tzinfo=<UTC>)IP and user agent:
>>> session.ip
'127.0.0.1'
>>> session.user_agent
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36'And if you have configured GeoIP2, you can call .location():
>>> session.location()
'Tehran, Iran'Admin page:
- Please note that bulk deleting sessions (
user.session_set.all().delete()) does not properly delete sessions. It only deletes them from database, and they will remain in cache. But callingdeleteon a single session deletes it from both DB and cache. Contributions on fixing this are welcome. session.updated_atis not the session's last activity. It's updated each time the session object in DB is saved. (e.g. when user logs in, or when ip, user agent, or session data changes)
django-user-sessions has the same functionality,
but it's based on db backend. Using a cache will improve performance.
We got ideas and some codes from django-user-sessions. Many thanks to Bouke Haarsma for writing django-user-sessions.
- Install development dependencies in your virtualenv with pip install -e .[dev]
- Run tests with coverage using py.test --cov .
- Write better documentation.
- Explain how it works (in summary)
- Add more details to existing documentation.
- Write more tests
- Performance benchmark (and compare with Django's cached_db)
Contributions are welcome!
MIT