Implement Server-Side Session Maintenance #53

Open
arin-paliwal opened this issue May 24, 2024 · 1 comment

Comments

@arin-paliwal

Proposal: Implement Server-Side Session Maintenance

Description

The current implementation of the project does not support server-side session maintenance. To enhance the session management capabilities, we propose adding a new field is_active in the user model to track active sessions. Additionally, a dedicated /logout route should be introduced to manage session termination. This will also facilitate the retrieval of active users at any given instance, which is particularly useful from an administrative perspective.

Benefits

  1. Improved Security: Server-side session maintenance allows for better control over user sessions, making it easier to invalidate sessions when necessary.
  2. Enhanced User Management: Administrators can monitor active sessions and take action if any suspicious activity is detected.
  3. User Experience: Provides a more seamless logout process, ensuring that sessions are properly terminated on the server.

Implementation Overview

Model Modification

  • Add a new field is_active to the user model. This field will be a boolean that indicates whether a user's session is currently active.

New Route: /logout

  • Create a /logout route that will set the is_active field to false for the user, effectively terminating the session.

Session Management

  • On user login, set is_active to true.
  • Ensure that any actions requiring authentication check the is_active status.
  • Provide an endpoint for administrators to retrieve a list of all active users.

Implementation Steps

  1. Update User Model:

    • Modify the user schema to include the is_active boolean field.
    • Ensure that this field is set to true upon successful login.
  2. Create /logout Route:

    • Implement a route to handle logout requests and update the is_active status to false.
  3. Session Management Logic:

    • Update the login logic to set is_active to true upon successful authentication.
  4. Retrieve Active Users Endpoint:

    • Implement an endpoint to allow administrators to retrieve a list of currently active users.

Please assign this issue to me. I am eager to contribute to this project by implementing the server-side session maintenance feature.

I welcome any feedback or suggestions on this proposal.

Thank you!
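
The flow proposed in this issue, as an added Python example that is not the project's own code: a token whose signature still verifies is rejected once is_active is cleared at logout. The in-memory USERS store, the HMAC token format and every function name are assumptions, since the issue does not name the project's framework.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

SECRET = secrets.token_bytes(32)  # token signing key, generated per process for this demo
USERS = {}  # stand-in for the project's user table (assumption)

@dataclass
class User:
    username: str
    salt: bytes
    password_hash: bytes
    is_admin: bool = False
    is_active: bool = False  # the field the proposal adds

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _sign(username):  # signed token: verifies on its own, with no server-side state
    return username + "." + hmac.new(SECRET, username.encode(), hashlib.sha256).hexdigest()

def register(username, password, is_admin=False):
    salt = secrets.token_bytes(16)
    USERS[username] = User(username, salt, _hash(password, salt), is_admin)

def login(username, password):
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user.password_hash, _hash(password, user.salt)):
        return None
    user.is_active = True  # set on successful authentication
    return _sign(username)

def authenticate(token):  # user only if the signature verifies AND is_active is set
    username = token.rpartition(".")[0]
    user = USERS.get(username)
    signed = hmac.compare_digest(_sign(username).encode(), token.encode())
    return user if signed and user is not None and user.is_active else None

def logout(token):
    user = authenticate(token)
    if user is not None:
        user.is_active = False  # server-side termination, what /logout would do
    return user is not None

def active_users(admin_token):
    admin = authenticate(admin_token)
    if admin is None or not admin.is_admin:
        raise PermissionError("admin session required")
    return sorted(u.username for u in USERS.values() if u.is_active)
```

In this example is_active is one flag per user, so logout ends every token issued to that user, and a token issued before logout is accepted again after that user's next login. Telling individual sessions apart would need a per-session identifier in addition to the flag.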

@nikki-infinte

Hello, Nikita this side, GSSoC 2024.
I read about the 'Implement Server-Side Session Management' issue, its description, and implementation steps, and I have a strong wish to work on this issue. I will make sure the output will be satisfactory. Thus, please assign this issue to me.
