Working Directly with Sessions in Django

I store lots of user-defined default values in the Django (1.7) sessions. When there is a bug, sometimes a bad value can get saved into the user session and cause ongoing problems.

One way I solved the problem was to create a view to allow the user to clear his own cache.

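from django.http import HttpResponse

def clear_session(request):
    # flush() deletes the session data and cookie, which also logs the user out.
    request.session.flush()
    return HttpResponse('Session was flushed.')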

While that seems incredibly easy to use, it still flusters some users. So I created a view that lets me clear that user's session. When I get a Django error message by email, it includes the user’s session id. I use this to call this view:

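from django.contrib.sessions.backends.db import SessionStore
from django.core.urlresolvers import reverse  # Django 1.7 location of reverse()
from django.http import HttpResponseForbidden, HttpResponseRedirect

def clear_session(request, session_id):
    # Only superusers may modify another user's session.
    if not request.user.is_superuser:
        return HttpResponseForbidden('Forbidden')

    session = SessionStore(session_key=session_id)

    # SessionStore() loads lazily and never raises ObjectDoesNotExist, so
    # check that the session row exists before touching it.
    if session.exists(session_id):
        # Copy the keys: we delete from the session while looping.
        for key in list(session.keys()):
            # Don't delete protected keys.
            if key[0] != '_' and key != 'testcookie':
                del session[key]
        session.save()
    return HttpResponseRedirect(reverse('show_user_from_session', args=[session_id]))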

With this view, I can manually clear the user’s session without logging them off. Then I can confirm the session is cleared, before notifying them of the fix.
