I store lots of user defined default values in the Django (1.7) sessions. When there is a bug sometimes a bad value can get saved into the user session and cause ongoing problems.
One way I solved the problem was to create a view to allow the user to clear his own cache.
def clear_session(request): request.session.flush() return HttpResponse('Session was flushed.')
While that seems incredibly easy to use, it still flusters some users. So I created a view that lets me clear that users session. When I get an Django error message by email, it includes the user’s session id. I use this to call this view:
from django.contrib.sessions.backends.db import SessionStore def clear_session(request, session_id): if not request.user.is_superuser: return HttpResponseForbidden('Forbidden') try: session = SessionStore(session_key=session_id) except ObjectDoesNotExist: session = None if session: keys = session.keys() for key in keys: # Don't delete protected keys. if key != '_' and key != 'testcookie': del session[key] session.save() return HttpResponseRedirect(reverse('show_user_from_session', args=[session_id]))
With this view, I can manually clear the user’s session without logging them off. Then I can confirm the session is cleared, before notifying them of the fix.