1from plain import models
 2
 3
 4@models.register_model
 5class Session(models.Model):
 6    """
 7    Plain provides full support for anonymous sessions. The session
 8    framework lets you store and retrieve arbitrary data on a
 9    per-site-visitor basis. It stores data on the server side and
10    abstracts the sending and receiving of cookies. Cookies contain a
11    session ID -- not the data itself.
12
13    The Plain sessions framework is entirely cookie-based. It does
14    not fall back to putting session IDs in URLs. This is an intentional
15    design decision. Not only does that behavior make URLs ugly, it makes
16    your site vulnerable to session-ID theft via the "Referer" header.
17
18    For complete documentation on using Sessions in your code, consult
19    the sessions documentation that is shipped with Plain (also available
20    on the Plain web site).
21    """
22
23    session_key = models.CharField(max_length=40, primary_key=True)
24    session_data = models.TextField()
25    expires_at = models.DateTimeField()
26
27    class Meta:
28        indexes = [
29            models.Index(fields=["expires_at"]),
30        ]
31
32    def __str__(self):
33        return self.session_key
34
35    def decoded_data(self):
36        from .core import SessionStore
37
38        # A little weird to init an empty one just to use the decode
39        return SessionStore()._decode(self.session_data)