Hello!
I recently discovered some annoyances in sessions middleware which I'd
like to fix. But first I prefer to hear from you if this is desirable.
1. Session key is generated on save, not on creation.
This means that Django may expose the working and usable session to the
user which nonetheless has no key. I'm developing a site with a
basket-like functionality. I was using sessions to give each user his
basket. And basket was related to sessions by a ForeignKey:
    class Basket(meta.Model):
        session = meta.ForeignKey(core.Session)
So when new user (without a session cookie) makes a request I'm trying
to create a session and create a new Basket referencing to this new
session. Here's the trap: until the request ends session doesn't have
actual key and the Basket is created with ForeignKey set to None and
user won't see his Basket next time.
I see two solutions:
- generate new session key when processing request immediately if there
is no cookie
- turn creating a session into an explicit procedure in app's view:
    if not request.session:
        key = request.create_session
2. Session's lifetime is prolonged only when the session is modified.
Imagine an online shop with sessions lifetime of two hours. User comes
to a site, a session is created. User then adds some goods to the basket
and before making a decision about actually submitting an order decides
to have a closer look at delivery and payment options. When browsing and
reading documents his basket is untouched and not modified. This can
easily take about two hours including interruptions for some irrelevant
incoming calls. And then his session expires. And basket is suddenly empty.
I mean, is there a reason to not update session's expiration time on
each request?
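
An added example, not part of the original message and not Django's code: a toy in-memory session store that reproduces both behaviours described above (key created only on save; expiry refreshed only on modification) next to the proposed alternatives. The class names, the `eager_key` and `sliding` flags and the timeline values are assumptions made for illustration.

```python
import secrets

class Session:
    def __init__(self, key, data):
        self.key, self.data, self.modified = key, data, False
    def set(self, name, value):
        self.data[name] = value
        self.modified = True

class SessionStore:  # toy in-memory store; names and flags are hypothetical
    def __init__(self, lifetime, eager_key, sliding):
        self.lifetime, self.eager_key, self.sliding = lifetime, eager_key, sliding
        self.rows = {}  # key -> (data, expires_at)

    def open(self, cookie_key, now):  # start of request
        row = self.rows.get(cookie_key)
        if row and row[1] > now:
            return Session(cookie_key, dict(row[0]))
        self.rows.pop(cookie_key, None)  # unknown or expired
        # First fix from the post: the key exists before the view runs.
        return Session(secrets.token_urlsafe(32) if self.eager_key else None, {})

    def close(self, session, now):  # end of request; returns the cookie value
        # Save when modified, or on every request with a live row when sliding.
        if session.modified or (self.sliding and session.key in self.rows):
            if session.key is None:  # behaviour the post describes: key made on save
                session.key = secrets.token_urlsafe(32)
            self.rows[session.key] = (session.data, now + self.lifetime)
        return session.key

def key_seen_by_view(eager_key):
    # Constructed first request without a cookie: the view reads the key to
    # use as the basket's foreign key, then modifies the session.
    store = SessionStore(7200, eager_key, sliding=False)
    session = store.open(None, now=0)
    fk = session.key
    session.set("has_basket", True)
    return fk, fk == store.close(session, now=0)

def basket_after_browsing(sliding):
    # Constructed timeline (seconds): add an item at t=0, read pages at t=3600
    # and t=7000 without touching the session, return at t=7500.
    store = SessionStore(7200, eager_key=True, sliding=sliding)
    session = store.open(None, now=0)
    session.set("basket", ["book"])
    cookie = store.close(session, now=0)
    for t in (3600, 7000):
        store.close(store.open(cookie, now=t), now=t)
    return store.open(cookie, now=7500).data.get("basket")
```

With sliding expiry a session stays valid for as long as requests keep arriving, so an absolute maximum age is usually enforced alongside it.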