Future of starlite-sessions

[provinzkraut]

I have started a conversation with @Goldziher and @infohash about the idea @infohash brought up to merge starlite-sessions into starlite.

Also on the table is the question how it will evolve. Do we want to add out-of-the-box login pages / endoints? Do we want to handle other login / account management related functionality? Do we want to converge all this into a separate package (à la flask-security)?

[provinzkraut]

Personally, I think that if we want to extend its functionality in the future, it should definitely be its own thing. If we're to decide that it should remain "bare bones", that is only provide a session authentication interface as a middleware, it could go into starlite.

@Goldziher also brought up that having starlite-sessions be a part of starlite, while starlite-jwt and starlite-oidc are separate packages is a bit inconsistent, which I tend to agree with.

[Goldziher]

I would suggest we keep it a separate package and extend it in the future. But let's see what others think.

[infohash]

I feel the same. Everything extra that could be optionally used by the user as an enhancement can be put in this extension.

[Matteomt]

Hi, just a question: is there any intention to support use cases like the following?

• listing the current active sessions (of a user)
• deleting all the sessions of a user (think of what you would do in case of suspect of possible data breach)

I see that ServerSideSessionBackend, based on a Store, do not have ways for listing of sessions or selective deletion.
For what I can understand, the current implementation is meant to be as simple as possible and the functionality I'm talking about should be be implemented in a custom Store.

Also, a feature that I think would require some heavy customization is adding a session validator code alongside the session selector (id) as described here.

Thanks.

[cofin]

• deleting all the sessions of a user (think of what you would do in case of suspect of possible data breach)

While we don't have a way to list sessions by user, we do have several commands built into the CLI for sessions. Here's some info on the current session commands.