plain-sessions changelog
0.42.2 (2026-02-04)
What's changed
- Added
__all__ exports to middleware, models, test, and views modules for explicit public API boundaries (e7164d3891b2)
Upgrade instructions
0.42.1 (2026-01-28)
What's changed
Upgrade instructions
0.42.0 (2026-01-15)
What's changed
- Session admin list view now displays a description for better clarity in the admin interface (0fc4dd3)
Upgrade instructions
0.41.0 (2026-01-13)
What's changed
- README documentation has been standardized with improved structure including a new FAQs section, better code examples, and clearer explanations (da37a78)
Upgrade instructions
0.40.1 (2025-11-24)
What's changed
- Documentation updated to fix remaining references to
SessionViewMixin that should be SessionView (d0b41a0)
Upgrade instructions
0.40.0 (2025-11-24)
What's changed
SessionViewMixin has been replaced with SessionView, a class that directly inherits from View. This provides better type inference for IDE autocomplete and type checkers (569afd6)
Upgrade instructions
- Replace
class MyView(SessionViewMixin, View) with class MyView(SessionView) and update your import from from plain.sessions.views import SessionViewMixin to from plain.sessions.views import SessionView
0.39.1 (2025-11-17)
What's changed
- The
Session model's query class variable no longer uses ClassVar type annotation, reverting to a simpler type annotation for improved type checker compatibility (1c624ff)
Upgrade instructions
0.39.0 (2025-11-13)
What's changed
- The
Session model now includes a typed query class variable using ClassVar[models.QuerySet[Session]] for improved IDE autocomplete and type checking support (c3b00a6)
Upgrade instructions
0.38.0 (2025-11-13)
What's changed
- Model fields now use the new typed field syntax with explicit type annotations and
types.CharField, types.JSONField, and types.DateTimeField imports (c8f40fc)
Upgrade instructions
0.37.0 (2025-11-12)
What's changed
- Type checking has been improved in
SessionMiddleware with an assertion to ensure session_key exists after save() and explicit bool() conversions for cookie security flags (f4dbcef)
Upgrade instructions
0.36.2 (2025-10-31)
What's changed
- Internal package configuration updated to include BSD-3-Clause license in
pyproject.toml (8477355)
Upgrade instructions
0.36.1 (2025-10-29)
What's changed
- Documentation has been expanded with a new "Session expiration" section that clarifies how session expiration works and explains the difference between
SESSION_SAVE_EVERY_REQUEST = False (save only when modified) and True (rolling sessions) (3ccbbe6)
Upgrade instructions
0.36.0 (2025-10-22)
What's changed
- The
SessionMiddleware now inherits from the new HttpMiddleware abstract base class and uses process_request() instead of __call__() (b960eed)
- Type annotations have been improved throughout the middleware (77dfa66)
Upgrade instructions
0.35.1 (2025-10-20)
What's changed
- Internal package configuration updated to use
[dependency-groups] instead of [tool.uv] for dev dependencies (1b43a3a)
Upgrade instructions
0.35.0 (2025-10-17)
What's changed
- The
clear_expired chore has been refactored to use the new class-based Chore API, renamed to ClearExpired (c4466d3)
Upgrade instructions
0.34.1 (2025-10-16)
What's changed
- The
get_current_session() template function now catches SessionNotAvailable exceptions and returns None instead of raising an error, improving error page rendering before middleware runs (fb889fa)
Upgrade instructions
0.34.0 (2025-10-10)
What's changed
- A new
SessionNotAvailable exception is now raised when attempting to access a session before SessionMiddleware has run, providing clearer error messages instead of a generic KeyError (fe47d8d)
Upgrade instructions
0.33.0 (2025-10-07)
What's changed
- The
Session model now uses model_options instead of an inner Meta class for model configuration (17a378d)
Upgrade instructions
0.32.2 (2025-10-06)
What's changed
- Type annotations have been added throughout the package for improved IDE support and type checking (f3a7cdd)
Upgrade instructions
0.32.1 (2025-10-02)
What's changed
- Documentation examples have been updated to reflect the new session access patterns introduced in 0.32.0 (f6278d9)
Upgrade instructions
0.32.0 (2025-10-02)
What's changed
- Session access has been refactored to use explicit functions and mixins instead of attaching directly to the request object (154ee10)
- New
get_request_session() function provides explicit access to sessions in middleware and other contexts
- New
SessionViewMixin provides convenient self.session property for class-based views
- New
get_current_session() template global function for accessing sessions in templates
Upgrade instructions
- Replace
request.session with get_request_session(request) in middleware or other non-view code
- In class-based views, inherit from
SessionViewMixin and use self.session instead of self.request.session
- In templates, replace
request.session with get_current_session() if not using views downstream of a SessionViewMixin
0.31.0 (2025-09-30)
What's changed
- The toolbar integration has been refactored to use the new
ToolbarItem API instead of ToolbarPanel, with SessionToolbarPanel renamed to SessionToolbarItem (79654db)
Upgrade instructions
0.30.0 (2025-09-25)
What's changed
- Preflight checks have been migrated to use the new class-based
PreflightCheck API with unified fix messages instead of separate msg and hint fields (b0b610d, c7cde12)
- Preflight check IDs have been renamed to use descriptive names instead of numbered codes (e.g.,
security.W010 → security.session_cookie_not_secure_app) (cd96c97)
Upgrade instructions
0.29.0 (2025-09-12)
What's changed
- Model manager API has been renamed from
.objects to .query throughout the codebase (037a239)
Upgrade instructions
- Replace any usage of
Session.objects with Session.query in your code (e.g., Session.objects.filter() becomes Session.query.filter())
0.28.0 (2025-09-09)
What's changed
- The
SessionStore now exposes a model_instance property that returns the underlying Session model instance, making it easier to access session metadata like the ID (f374290)
- Session admin interface now displays the numeric session ID instead of session keys for better readability (b3dca07)
- OpenTelemetry tracing now uses the session ID instead of the session key for better observability (9cc458e)
- Session toolbar display has been simplified by removing the session key display (e1fa569)
- Minimum Python version is now 3.13 (d86e307)
Upgrade instructions
0.27.0 (2025-08-27)
What's changed
- The toolbar panel for sessions has been moved to the new
plain.toolbar package. A new SessionToolbarPanel is now available in plain.sessions.toolbar (e49d54b)
- The README has been significantly expanded with comprehensive documentation including usage examples, configuration options, and installation instructions (4ebecd1)
- Updated the package description to "Database-backed sessions for managing user state across requests" (4ebecd1)
Upgrade instructions
0.26.1 (2025-07-23)
What's changed
- Added bootstrap icons to the Session admin interface with a "person-badge" icon (9e9f8b0)
Upgrade instructions
0.26.0 (2025-07-22)
What's changed
- Session model now uses the new
PrimaryKeyField instead of BigAutoField for the primary key (4b8fa6a)
Upgrade instructions
0.25.0 (2025-07-18)
What's changed
- Session middleware now includes OpenTelemetry tracing support, automatically setting the session ID as a span attribute when available (b0224d0)
Upgrade instructions
0.24.0 (2025-07-18)
What's changed
- Migration history was consolidated into a single initial migration file. The new
0001_initial.py includes all the current schema changes without the intermediate migration steps (484f1b6).
Upgrade instructions
- Run
plain migrate --prune plainsessions to run migrations and delete old ones from the database.
0.23.0 (2025-07-07)
What's changed
- Sessions are now stored in a brand-new
Session model that uses a numeric primary key, a JSON session_data column, and a created_at timestamp. A built-in data migration copies existing rows and removes the legacy table (aec55e3).
SessionStore now subclasses collections.abc.MutableMapping, giving it the full standard dictionary interface (iteration, len(), update(), etc.). Redundant helpers such as has_key() were removed (493d787, 5c1ffd8).- Session persistence was simplified: the cryptographic signing layer was removed and data is now saved as plain JSON via
update_or_create (aec55e3, 91e6540).
- Added admin integration – a
SessionAdmin viewset is registered so you can view and inspect sessions from Plain Admin under “Sessions” (aec55e3).
- Additional internal refactors around session caching and attribute names for better readability and performance (f2beb33).
Upgrade instructions
- Run your project’s database migrations after upgrading (
plain migrate). The included migration will automatically convert existing sessions to the new schema.
- Confirm that everything you stash in
request.session is JSON-serialisable. Complex Python objects that are not JSON-encodable should be converted to primitives (for example, cast to str).
- If you were using the deprecated
has_key() helper, replace it with the standard in operator (e.g. if "foo" in request.session:).
0.22.0 (2025-06-23)
What's changed
- Added
plain.sessions.test.get_client_session helper to make it easier to read and mutate the test client’s session inside unit-tests (eb8a02).
- Internal update for the framework’s new single-
DATABASE configuration. Session persistence no longer relies on DATABASE_ROUTERS and always uses the default database connection (d346d81).
Upgrade instructions
- If your project is already using the new single
DATABASE setting, no action is required.
- Projects that still define
DATABASES and/or DATABASE_ROUTERS in settings.py must migrate to the new single DATABASE configuration before upgrading.