Session
Database-backed user session.
Attributes: session_id: Unique session identifier (used as cookie value) user_id: User this session belongs to expires_at: When the session expires ip_address: Client IP address for security auditing user_agent: Client user agent for display
Security: - session_id should be cryptographically random - Check expires_at before accepting session - Track ip_address/user_agent for security alertsSource: session.py
Fields
Section titled “Fields”| Field | Type | Required | Description | Validators |
|---|---|---|---|---|
| session_id | str | Unique session identifier | - | |
| user_id | str | User this session belongs to | - | |
| expires_at | datetime | Session expiration time | - | |
| ip_address | None | Client IP address | - | |
| user_agent | None | Client user agent string | - | |
| active_account_id | None | Currently active user profile ID | - | |
| accounts | dict[str, Any] | Active user profiles associated with the session | - |
Permissions
Section titled “Permissions”| Role | Create | Delete | Read | Write |
|---|---|---|---|---|
| User | ✓ | ✓ |
Configuration
Section titled “Configuration”| Setting | Value |
|---|---|
| Submittable | False |
| Track Changes | True |
Controller
Section titled “Controller”Controller hooks are implemented in *_controller.py files.
Available lifecycle hooks:
validate()- Called before save, raise exceptions for validation errorsbefore_insert()- Called before inserting a new documentafter_insert()- Called after successfully insertingbefore_save()- Called before saving (insert or update)after_save()- Called after savingbefore_delete()- Called before deletingafter_delete()- Called after deleting