Skip to content

feat(session): Single user session#13416

Merged
valentijnscholten merged 1 commit intoDefectDojo:devfrom
kiblik:single_session
Oct 17, 2025
Merged

feat(session): Single user session#13416
valentijnscholten merged 1 commit intoDefectDojo:devfrom
kiblik:single_session

Conversation

@kiblik
Copy link
Copy Markdown
Contributor

@kiblik kiblik commented Oct 13, 2025

Some security policies require allowing users to have only one active session.
This PR allows activating this behaviour. Default behaviour is still the same (multiple sessions allowed).

@github-actions github-actions Bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Oct 13, 2025
@valentijnscholten
Copy link
Copy Markdown
Member

valentijnscholten commented Oct 14, 2025

Just wondering what happens when a user uses the API. Will there be a session created as well?

@valentijnscholten valentijnscholten added this to the 2.52.0 milestone Oct 14, 2025
@kiblik
Copy link
Copy Markdown
Contributor Author

kiblik commented Oct 14, 2025

Just wondering what happens when a user uses the API. Will there be a session created as well?

This is a valid question. I do not know at this moment. I will test it.

@kiblik
Copy link
Copy Markdown
Contributor Author

kiblik commented Oct 14, 2025

Just wondering what happens when a user uses the API. Will there be a session created as well?

I executed a test where the user used a token to access the API. He had not been logged off. He was only logged off when I logged in as the same user in a private session.
So this works well.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Oct 14, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Oct 14, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

mtesauro
mtesauro approved these changes Oct 15, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

Thanks for making it configurable

@valentijnscholten valentijnscholten merged commit 13dd919 into DefectDojo:dev Oct 17, 2025
148 checks passed
@kiblik kiblik deleted the single_session branch October 17, 2025 17:34
Maffooch pushed a commit to valentijnscholten/django-DefectDojo that referenced this pull request Feb 16, 2026
@kiblik
feat(session): Single user session (DefectDojo#13416)
89fd166
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtesauro mtesauro mtesauro approved these changes

@valentijnscholten valentijnscholten valentijnscholten approved these changes

@Maffooch Maffooch Maffooch approved these changes

@Jino-T Jino-T Jino-T approved these changes

Assignees

No one assigned

Labels

settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR

Projects

None yet

Milestone

2.52.0

Development

Successfully merging this pull request may close these issues.

5 participants

@kiblik @valentijnscholten @mtesauro @Maffooch @Jino-T