Restrict Django sessions to IP and/or user agent.
Project description
=============================
django-restricted-sessions
=============================
.. image:: https://badge.fury.io/py/django-restricted-sessions.png
:target: http://badge.fury.io/py/django-restricted-sessions
.. image:: https://travis-ci.org/erikr/django-restricted-sessions.png?branch=master
:target: https://travis-ci.org/erikr/django-restricted-sessions
.. image:: https://coveralls.io/repos/erikr/django-restricted-sessions/badge.png?branch=master
:target: https://coveralls.io/r/erikr/django-restricted-sessions?branch=master
Restricts Django sessions to IP and/or user agent.
If the IP or user agent changes after creating the session, the a 400 response is given to the request, the session is
flushed (all session data deleted, new session created) and a warning is logged. The goal of this middleware is to
make it harder for an attacker to use a session ID they obtained. It does not make abuse of session IDs impossible.
For compatibility with IPv6 privacy extensions, by default only the first 64 bits of an IPv6 address are checked.
Documentation
-------------
The full documentation is at https://django-restricted-sessions.readthedocs.org.
Quickstart
----------
Install django-restricted-sessions::
pip install django-restricted-sessions
Then add it to your middleware after SessionMiddleware::
MIDDLEWARE_CLASSES = [
....
'django.contrib.sessions.middleware.SessionMiddleware',
'restrictedsessions.middleware.RestrictedSessionsMiddleware',
....
]
History
-------
0.1.0 (2014-02-17)
++++++++++++++++++
* First release on PyPI.
django-restricted-sessions
=============================
.. image:: https://badge.fury.io/py/django-restricted-sessions.png
:target: http://badge.fury.io/py/django-restricted-sessions
.. image:: https://travis-ci.org/erikr/django-restricted-sessions.png?branch=master
:target: https://travis-ci.org/erikr/django-restricted-sessions
.. image:: https://coveralls.io/repos/erikr/django-restricted-sessions/badge.png?branch=master
:target: https://coveralls.io/r/erikr/django-restricted-sessions?branch=master
Restricts Django sessions to IP and/or user agent.
If the IP or user agent changes after creating the session, the a 400 response is given to the request, the session is
flushed (all session data deleted, new session created) and a warning is logged. The goal of this middleware is to
make it harder for an attacker to use a session ID they obtained. It does not make abuse of session IDs impossible.
For compatibility with IPv6 privacy extensions, by default only the first 64 bits of an IPv6 address are checked.
Documentation
-------------
The full documentation is at https://django-restricted-sessions.readthedocs.org.
Quickstart
----------
Install django-restricted-sessions::
pip install django-restricted-sessions
Then add it to your middleware after SessionMiddleware::
MIDDLEWARE_CLASSES = [
....
'django.contrib.sessions.middleware.SessionMiddleware',
'restrictedsessions.middleware.RestrictedSessionsMiddleware',
....
]
History
-------
0.1.0 (2014-02-17)
++++++++++++++++++
* First release on PyPI.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file django-restricted-sessions-0.1.0.tar.gz.
File metadata
- Download URL: django-restricted-sessions-0.1.0.tar.gz
- Upload date:
- Size: 5.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | fa197f6c56d7688a3e9b7b4f8b2bf349652b08b18660fdaa5f0d944c35c947e1 |
|
| MD5 | 7e460ec5e77d136866be673e051666d8 |
|
| BLAKE2b-256 | 4570c2fd829af5fdc6ff3e88001874c49f3ef7f844d013e96103ac89c1e37209 |
