Update:
, . , , prev_session_data, , .
-, :
- URL- , - (
request.user - AnonymousUser). - , , .
- (
SessionStore._session); accessed modified . SessionMiddleware , Session django_session ( , , django.contrib.sessions.backends.db). cookie settings.SESSION_COOKIE_NAME.- , . ,
login django.contrib.auth. login , ; , , SessionStore.cycle_key, , . SessionStore.flush, . ( ) SessionStore.create . - , . , .
settings.SESSION_COOKIE_NAME.
, , - create ( 5.), . , , , cookie , .
, , , , , , , - . , "" cookie, , cookie. :
- cookie , cookie , , ,
- cookie , cookie , , , , .
- cookie ,
:
sessionaudit.middleware.py:
from django.conf import settings
from django.db.models import signals
from django.utils.http import cookie_date
import time
session_expired = signals.Signal(providing_args=['previous_session_key'])
AUDIT_COOKIE_NAME = 'sessionaudit'
class SessionAuditMiddleware(object):
def process_request(self, request):
session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None)
audit_cookie = request.COOKIES.get(AUDIT_COOKIE_NAME, None)
if audit_cookie is None and session_key is None:
print "** Got new user **"
elif audit_cookie and session_key is None:
print "** User session expired, Session ID: %s **" % audit_cookie
session_expired.send(self.__class__, previous_session_key=audit_cookie)
elif audit_cookie == session_key:
print "** User session active, Session ID: %s **" % audit_cookie
def process_response(self, request, response):
if request.session.session_key:
audit_cookie = request.COOKIES.get(AUDIT_COOKIE_NAME, None)
if audit_cookie != request.session.session_key:
max_age = 60 * 60 * 24 * 365
expires_time = time.time() + max_age
expires = cookie_date(expires_time)
response.set_cookie(
AUDIT_COOKIE_NAME,
request.session.session_key,
max_age=max_age,
expires=expires,
domain=settings.SESSION_COOKIE_DOMAIN,
path=settings.SESSION_COOKIE_PATH,
secure=settings.SESSION_COOKIE_SECURE or None
)
return response
audit.models.py:
from django.contrib.sessions.models import Session
from sessionaudit.middleware import session_expired
def audit_session_expire(sender, **kwargs):
try:
prev_session = Session.objects.get(session_key=kwargs['previous_session_key'])
prev_session_data = prev_session.get_decoded()
user_id = prev_session_data.get('_auth_user_id')
except Session.DoesNotExist:
pass
session_expired.connect(audit_session_expire)
settings.py:
MIDDLEWARE_CLASSES = (
...
'django.contrib.sessions.middleware.SessionMiddleware',
'sessionaudit.middleware.SessionAuditMiddleware',
...
)
INSTALLED_APPS = (
...
'django.contrib.sessions',
'audit',
...
)
, , cookie , . , django signed-cookies ( , , , ?)
OLD:
, , . () :
from django.contrib.sessions.backends.db import SessionStore as DBStore
from django.db.models import signals
session_created = signals.Signal(providing_args=['previous_session_key', 'new_session_key'])
class SessionStore(DBStore):
"""
Override the default database session store.
The `create` method is called by the framework to:
* Create a new session, if we have a new user
* Generate a new session, if the current user session has expired
What we want to do is override this method, so we can send a signal
whenever it is called.
"""
def create(self):
prev_session_id = self.session_key
super(SessionStore, self).create()
session_created.send(self.__class__, previous_session_key=prev_session_id, new_session_key=self.session_key)
"customdb.py" django. settings.py "SESSION_ENGINE" , :
SESSION_ENGINE = 'yourproject.customdb'
from django.contrib.sessions.models import Session
from yourproject.customdb import session_created
def audit_session_expire(sender, **kwargs):
try:
prev_session = Session.objects.get(kwargs['previous_session_key'])
prev_session_data = prev_session.get_decoded()
user_id = prev_session_data['_auth_user_id']
except Session.DoesNotExist:
session_created.connect(audit_session_expire)
, models.py INSTALLED_APPS.