Skip to content

Session

Database-backed user session.

Attributes:
session_id: Unique session identifier (used as cookie value)
user_id: User this session belongs to
expires_at: When the session expires
ip_address: Client IP address for security auditing
user_agent: Client user agent for display
Security:
- session_id should be cryptographically random
- Check expires_at before accepting session
- Track ip_address/user_agent for security alerts

Source: session.py

Field Type Required Description Validators
session_id str Unique session identifier -
user_id str User this session belongs to -
expires_at datetime Session expiration time -
ip_address None Client IP address -
user_agent None Client user agent string -
active_account_id None Currently active user profile ID -
accounts dict[str, Any] Active user profiles associated with the session -
Role Create Delete Read Write
User
Setting Value
Submittable False
Track Changes True

Controller hooks are implemented in *_controller.py files. Available lifecycle hooks:

  • validate() - Called before save, raise exceptions for validation errors
  • before_insert() - Called before inserting a new document
  • after_insert() - Called after successfully inserting
  • before_save() - Called before saving (insert or update)
  • after_save() - Called after saving
  • before_delete() - Called before deleting
  • after_delete() - Called after deleting