Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/querateam/django-qsessions

Extended session backends for Django (Sessions store IP, User Agent, and foreign key to User)
https://github.com/querateam/django-qsessions

cache django python session session-management sessions

Last synced: 2 days ago
JSON representation

Extended session backends for Django (Sessions store IP, User Agent, and foreign key to User)

Host: GitHub
URL: https://github.com/querateam/django-qsessions
Owner: QueraTeam
License: mit
Created: 2018-01-20T09:09:56.000Z (almost 7 years ago)
Default Branch: main
Last Pushed: 2024-11-03T07:32:25.000Z (2 months ago)
Last Synced: 2024-12-25T09:01:36.680Z (16 days ago)
Topics: cache, django, python, session, session-management, sessions
Language: Python
Homepage:
Size: 164 KB
Stars: 157
Watchers: 7
Forks: 14
Open Issues: 3
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE.txt

Awesome Lists containing this project

README

        # Django QSessions

[![pypi](https://img.shields.io/pypi/v/django-qsessions.svg)](https://pypi.python.org/pypi/django-qsessions/)

[![tests ci](https://github.com/QueraTeam/django-qsessions/workflows/tests/badge.svg)](https://github.com/QueraTeam/django-qsessions/actions)

[![coverage](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/quera-org/24a6d63ff9d29d9be5399169f8199ca0/raw/pytest-coverage__main.json)](https://github.com/QueraTeam/django-qsessions/actions)

[![MIT](https://img.shields.io/github/license/QueraTeam/django-qsessions.svg)](https://github.com/QueraTeam/django-qsessions/blob/master/LICENSE.txt)

[![black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)

**django-qsessions** offers two extended session backends for Django.

They extend Django's `db` and `cached_db` backends (and `Session` model)

with following extra features:

- Sessions have a foreign key to User

- Sessions store IP and User Agent

These features help you implement "Session Management" and show a list

of active sessions to the user. You can display IP, location and user

agent for each session and add an option to revoke sessions.

## Comparison

Here is a brief comparison between Django's session backends (db, cache,

cached_db), and django-qsessions.

  

  

    

    django

    qsessions

  

  

    cache

    db

    cached_db

    db

    cached_db

  

  

  

  

    Performance

    ✔✔

    

    ✔

    

    ✔

  

  

    Persistence

    

    ✔

    ✔

    ✔

    ✔

  

  

    Foreign Key to User

    

    

    

    ✔

    ✔

  

  

    Store IP and User Agent

    

    

    

    ✔

    ✔

  

## Compatibility

- Python: **3.8**, **3.9**, **3.10**, **3.11**, **3.12**

- Django: **4.2**, **5.0**, **5.1**

## Installation

If your system is in production and there are active sessions using

another session backend, you need to migrate them manually. We have no

migration script.

1.  If you want to use the `cached_db` backend, make sure you've

    [configured your

    cache](https://docs.djangoproject.com/en/dev/topics/cache/). If you

    have multiple caches defined in `CACHES`, Django will use the

    default cache. To use another cache, set `SESSION_CACHE_ALIAS` to

    the name of that cache.

2.  Install the latest version from PyPI:

    ```sh

    pip install django-qsessions

    ```

3.  In settings:

    - In `INSTALLED_APPS` replace `'django.contrib.sessions'` with

      `'qsessions'`.

    - In `MIDDLEWARE` or `MIDDLEWARE_CLASSES` replace

      `'django.contrib.sessions.middleware.SessionMiddleware'` with

      `'qsessions.middleware.SessionMiddleware'`.

    - Set `SESSION_ENGINE` to:

      - `'qsessions.backends.cached_db'` if you want to use

        `cached_db` backend.

      - `'qsessions.backends.db'` if you want to use `db` backend.

4.  Run migrations to create `qsessions.models.Session` model.

    ```sh

    python manage.py migrate qsessions

    ```

To enable location detection using GeoIP2 (optional):

5.  Install `geoip2` package:

    ```sh

    pip install geoip2

    ```

6.  Set `GEOIP_PATH` to a directory for storing GeoIP2 database.

7.  Run the following command to download latest GeoIP2 database. You

    can add this command to a cron job to update GeoIP2 DB

    automatically. Due to [Maxmind license

    changes](https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/)

    you will need to acquire and use a license key for downloading the

    databases. You can pass the key on the command line, or in the

    `MAXMIND_LICENSE_KEY` environment variable.

    ```sh

    python manage.py download_geoip_db -k mykey

    ```

## Usage

django-qsessions has a custom `Session` model with following extra

fields: `user`, `user_agent`, `created_at`, `updated_at`, `ip`.

Get a user's sessions:

```python

user.session_set.filter(expire_date__gt=timezone.now())

```

Delete a session:

```python

# Deletes the session from both the database and the cache.

session.delete()

```

Logout a user:

```python

user.session_set.all().delete()

```

Get session creation time (user login time):

```python

>>> session.created_at

datetime.datetime(2018, 6, 12, 17, 9, 17, 443909, tzinfo=)

```

Get IP and user agent:

```python

>>> session.ip

'127.0.0.1'

>>> session.user_agent

'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Mobile Safari/537.36'

```

Get user device (parsed user-agent string):

```python

>>> str(session.device())

'K / Android 10 / Chrome Mobile 118.0.0'

>>> session.device().device

Device(family='K', brand='Generic_Android', model='K')

>>> session.device().os

OperatingSystem(family='Android', version=(10,), version_string='10')

>>> session.device().browser

Browser(family='Chrome Mobile', version=(118, 0, 0), version_string='118.0.0')

```

And if you have configured GeoIP2, you can get location info using `.location()`

and `.location_info()`:

```python

>>> session.location()

'Tehran, Iran'

>>> session.location_info()

{'city': 'Tehran', 'continent_code': 'AS', 'continent_name': 'Asia', 'country_code': 'IR', 'country_name': 'Iran', 'time_zone': 'Asia/Tehran', ...}

```

Admin page:

![image](https://user-images.githubusercontent.com/2115303/41525284-b0b258b0-72f5-11e8-87f1-8770e0094f4c.png)

### Caveats

- `session.updated_at` is not the session's exact last activity. It's

  updated each time the session object in DB is saved. (e.g. when user

  logs in, or when ip, user agent, or session data changes)

## Why not `django-user-sessions`?

[django-user-sessions](https://github.com/Bouke/django-user-sessions)

has the same functionality, but only extends the `db` backend. Using a

cache can improve performance.

We got ideas and some codes from django-user-sessions. Many thanks to

[Bouke Haarsma](https://github.com/Bouke) for writing

django-user-sessions.

## Development

- Create and activate a python virtualenv.

- Install development dependencies in your virtualenv with `pip install -e '.[dev]'`

- Install pre-commit hooks with `pre-commit install`

- Run tests with coverage:

  - `py.test --cov`

## TODO

- Write better documentation.

  - Explain how it works (in summary)

  - Add more details to existing documentation.

- Write more tests

- Performance benchmark (and compare with Django's `cached_db`)

Contributions are welcome!

## License

MIT