Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mxsasha/django-restricted-sessions

Restrict Django sessions to IP and/or user agent.
https://github.com/mxsasha/django-restricted-sessions

Last synced: 2 days ago
JSON representation

Restrict Django sessions to IP and/or user agent.

Host: GitHub
URL: https://github.com/mxsasha/django-restricted-sessions
Owner: mxsasha
License: bsd-3-clause
Created: 2014-02-17T13:25:23.000Z (over 10 years ago)
Default Branch: main
Last Pushed: 2023-06-02T11:12:46.000Z (over 1 year ago)
Last Synced: 2024-05-07T10:42:56.982Z (6 months ago)
Language: Python
Homepage: https://django-restricted-sessions.readthedocs.org
Size: 48.8 KB
Stars: 80
Watchers: 8
Forks: 24
Open Issues: 0
Metadata Files:
- Readme: README.rst
- Changelog: HISTORY.rst
- Contributing: CONTRIBUTING.rst
- License: LICENSE

Awesome Lists containing this project

awesome-django-security - Django Restricted Sessions

README

        =============================

django-restricted-sessions

=============================

.. image:: https://badge.fury.io/py/django-restricted-sessions.png

    :target: http://badge.fury.io/py/django-restricted-sessions

.. image:: https://travis-ci.org/mxsasha/django-restricted-sessions.png?branch=master

    :target: https://travis-ci.org/mxsasha/django-restricted-sessions

.. image:: https://coveralls.io/repos/mxsasha/django-restricted-sessions/badge.png?branch=master&

    :target: https://coveralls.io/r/mxsasha/django-restricted-sessions?branch=master

Restricts Django sessions to IP and/or user agent.

If the IP or user agent changes after creating the session, the a 400 response is given to the request, the session is

flushed (all session data deleted, new session created) and a warning is logged. The goal of this middleware is to

make it harder for an attacker to use a session ID they obtained. It does not make abuse of session IDs impossible.

For compatibility with IPv6 privacy extensions, by default only the first 64 bits of an IPv6 address are checked.

Documentation

-------------

The full documentation is at https://django-restricted-sessions.readthedocs.org.

Quickstart

----------

Install django-restricted-sessions::

    pip install django-restricted-sessions

Then add it to your middleware after SessionMiddleware::

    MIDDLEWARE = [

        "django.middleware.security.SecurityMiddleware",

        "django.contrib.sessions.middleware.SessionMiddleware",

        'restrictedsessions.middleware.RestrictedSessionsMiddleware',

        ....

    ]

If you use ``RESTRICTEDSESSIONS_AUTHED_ONLY``, ensure this middleware is added after

``AuthenticationMiddleware`` so that the ``request.user`` is present.