skip to navigation
skip to content

Not Logged In

django-restricted-sessions 0.1.2

Restrict Django sessions to IP and/or user agent.

https://badge.fury.io/py/django-restricted-sessions.png https://travis-ci.org/erikr/django-restricted-sessions.png?branch=master https://coveralls.io/repos/erikr/django-restricted-sessions/badge.png?branch=master&

Restricts Django sessions to IP and/or user agent.

If the IP or user agent changes after creating the session, the a 400 response is given to the request, the session is flushed (all session data deleted, new session created) and a warning is logged. The goal of this middleware is to make it harder for an attacker to use a session ID they obtained. It does not make abuse of session IDs impossible.

For compatibility with IPv6 privacy extensions, by default only the first 64 bits of an IPv6 address are checked.

Documentation

The full documentation is at https://django-restricted-sessions.readthedocs.org.

Quickstart

Install django-restricted-sessions:

pip install django-restricted-sessions

Then add it to your middleware after SessionMiddleware:

MIDDLEWARE_CLASSES = [
    ....
    'django.contrib.sessions.middleware.SessionMiddleware',
    'restrictedsessions.middleware.RestrictedSessionsMiddleware',
    ....
]

History

0.1.2 (2014-03-20)

  • Resolved exception being raised when session switches from IPv4 to IPv6
  • Python 3.4 support

0.1.1 (2014-02-18)

  • Added missing netaddr requirement to setup.py.

0.1.0 (2014-02-17)

  • First release on PyPI.
 
File Type Py Version Uploaded on Size
django-restricted-sessions-0.1.2.tar.gz (md5) Source 2014-03-20 5KB
  • Downloads (All Versions):
  • 13 downloads in the last day
  • 44 downloads in the last week
  • 343 downloads in the last month