Reconsider User -> Session relationship

I have summed up the feature in concise words in the Summary section.
I have completely described the feature in the Description section.

Summary

We should support more than one session per user.

Scenario: A user (UserA) logs in on their desktop at home. A user (UserA) then logs in on their laptop at home. The session expiration should be independent for the two different machines.

Currently, the SID is re-emitted for any location that a user logs into. This means that a session can change from another location. We should treat sessions as a single unique identifier for a location, not a user.

Description

We'll need to change the User.session relationship to be lazy="dynamic" and no longer contain uselist=False. We'll have to fetch a user's session ID based on the current cookie against their current set of records.

Locations involved:

aurweb.auth.BasicAuthBackend
aurweb.models.user.User.login
aurweb.models.user.User.logout
Related tests

Edited Dec 03, 2021 by Kevin Morris

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Reconsider User -> Session relationship

Summary

Description

Locations involved: