Session
Database-backed user session.
Attributes:
session_id: Unique session identifier (used as cookie value)
user_id: User this session belongs to
expires_at: When the session expires
ip_address: Client IP address for security auditing
user_agent: Client user agent for display
Security:
- session_id should be cryptographically random
- Check expires_at before accepting session
- Track ip_address/user_agent for security alerts
Source: session.py
Fields
| Field | Type | Required | Description | Validators |
|---|---|---|---|---|
| session_id | str | Unique session identifier | - | |
| user_id | str | User this session belongs to | - | |
| expires_at | datetime | Session expiration time | - | |
| ip_address | str | None | Client IP address | |
| user_agent | str | None | Client user agent string |
Configuration
| Setting | Value |
|---|---|
| Submittable | False |
| Track Changes | True |
Controller
Controller hooks are implemented in *_controller.py files.
Available lifecycle hooks:
validate()- Called before save, raise exceptions for validation errorsbefore_insert()- Called before inserting a new documentafter_insert()- Called after successfully insertingbefore_save()- Called before saving (insert or update)after_save()- Called after savingbefore_delete()- Called before deletingafter_delete()- Called after deleting