Django QSessions

django-qsessions offers two extended session backends for Django. They extend Django's db and cached_db backends (and Session model) with following extra features:

• Sessions have a foreign key to User
• Sessions store IP and User Agent

These features help you implement "Session Management" and show a list of active sessions to the user. You can display IP, location and user agent for each session and add an option to revoke sessions.

Comparison

Here is a brief comparison between Django's session backends (db, cache, cached_db), and django-qsessions.

	django			qsessions
	cache	db	cached_db	db	cached_db
Performance	✔✔		✔		✔
Persistence		✔	✔	✔	✔
Foreign Key to User				✔	✔
Store IP and User Agent				✔	✔

Compatibility

• Python: 3.8, 3.9, 3.10, 3.11, 3.12
• Django: 4.2, 5.0, 5.1

Installation

If your system is in production and there are active sessions using another session backend, you need to migrate them manually. We have no migration script.

1. If you want to use the cached_db backend, make sure you've configured your cache. If you have multiple caches defined in CACHES, Django will use the default cache. To use another cache, set SESSION_CACHE_ALIAS to the name of that cache.

2. Install the latest version from PyPI:

   pip install django-qsessions

3. In settings:

   • In INSTALLED_APPS replace 'django.contrib.sessions' with 'qsessions'.
   • In MIDDLEWARE or MIDDLEWARE_CLASSES replace 'django.contrib.sessions.middleware.SessionMiddleware' with 'qsessions.middleware.SessionMiddleware'.
   • Set SESSION_ENGINE to:
     • 'qsessions.backends.cached_db' if you want to use cached_db backend.
     • 'qsessions.backends.db' if you want to use db backend.

4. Run migrations to create qsessions.models.Session model.

   python manage.py migrate qsessions

To enable location detection using GeoIP2 (optional):

5. Install geoip2 package:

   pip install geoip2

6. Set GEOIP_PATH to a directory for storing GeoIP2 database.

7. Run the following command to download latest GeoIP2 database. You can add this command to a cron job to update GeoIP2 DB automatically. Due to Maxmind license changes you will need to acquire and use a license key for downloading the databases. You can pass the key on the command line, or in the MAXMIND_LICENSE_KEY environment variable.

   python manage.py download_geoip_db -k mykey

Usage

django-qsessions has a custom Session model with following extra fields: user, user_agent, created_at, updated_at, ip.

Get a user's sessions:

user.session_set.filter(expire_date__gt=timezone.now())

Delete a session:

# Deletes the session from both the database and the cache.
session.delete()

Logout a user:

user.session_set.all().delete()

Get session creation time (user login time):

>>> session.created_at
datetime.datetime(2018, 6, 12, 17, 9, 17, 443909, tzinfo=<UTC>)

Get IP and user agent:

>>> session.ip
'127.0.0.1'
>>> session.user_agent
'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Mobile Safari/537.36'

Get user device (parsed user-agent string):

>>> str(session.device())
'K / Android 10 / Chrome Mobile 118.0.0'
>>> session.device().device
Device(family='K', brand='Generic_Android', model='K')
>>> session.device().os
OperatingSystem(family='Android', version=(10,), version_string='10')
>>> session.device().browser
Browser(family='Chrome Mobile', version=(118, 0, 0), version_string='118.0.0')

And if you have configured GeoIP2, you can get location info using .location() and .location_info():

>>> session.location()
'Tehran, Iran'

>>> session.location_info()
{'city': 'Tehran', 'continent_code': 'AS', 'continent_name': 'Asia', 'country_code': 'IR', 'country_name': 'Iran', 'time_zone': 'Asia/Tehran', ...}

Admin page:

Caveats

• session.updated_at is not the session's exact last activity. It's updated each time the session object in DB is saved. (e.g. when user logs in, or when ip, user agent, or session data changes)

Why not django-user-sessions?

django-user-sessions has the same functionality, but only extends the db backend. Using a cache can improve performance.

We got ideas and some codes from django-user-sessions. Many thanks to Bouke Haarsma for writing django-user-sessions.

Development

• Create and activate a python virtualenv.
• Install development dependencies in your virtualenv with pip install -e '.[dev]'
• Install pre-commit hooks with pre-commit install
• Run tests with coverage:
  • py.test --cov

TODO

• Write better documentation.
  • Explain how it works (in summary)
  • Add more details to existing documentation.
• Write more tests
• Performance benchmark (and compare with Django's cached_db)

Contributions are welcome!

License

MIT