Session/cookie based messages (#4604)

>
> In the spirit of Russell's No! Bad Pony! talk at DjangoCon I'd like to
> start a conversation about cleaning up session messages enough to get
> them into core or contrib.  Alex suggested that the ticket (http://
> code.djangoproject.com/ticket/4604) was not the right place for the
> conversation so I'm starting one here.
>
> There are a number of usable solutions out there but django-notify is
> the most complete, polished one that I know of.  I just contributed a
> patch for combo/fallback storage, a version of which SmileyChris
> integrated into trunk (of django-notify, not django).  It's a solid
> product with well-commented code and a good test suite.
>
> What needs to be done to get this or something like it into contrib?

>
>> One of the questions that needs to be answered
>> is "why should [a session based notification system] be shipped with Django?"
>
>> Another piece of the puzzle that is missing from my perspective is any
>> discussion of how session-based messaging interacts with the existing
>> contrib.auth messaging framework. IMHO, Django shouldn't ship with two
>> messaging APIs, so what is the integration point?
>
> Having some kind of defacto cross-request notification system makes
> sense; it's a very common usage pattern.
> Attaching these kind of messages to a User instance is wrong: there is
> not an enforced one to one correlation between a user and a session
> [1], and you can't notify anonymous sessions.
>
> The current contrib.auth messaging framework can't be removed or
> replaced while keeping full backwards compatibility. A basic user
> based messaging system still has it's uses, but it is not the best fit
> for session notifications.
> Side note: a pet peeve of mine is that contrib.auth messages are not
> lazily loaded, which means you get a db hit every request [when using
> a RequestContext] and lose your messages whether you use the messages
> context var or not, but this is a side issue and should probably be a
> ticket of it's own.
>
> For some background, I initially started 4604 much more tightly
> coupled with core, and one which backwards-compatibly worked with the
> current user-based messaging system. Malcolm specifically requested
> that this should be written as a stand-alone contrib app rather than
> part of core, and that it should have minimal impact on existing code.

> On Mon, Sep 21, 2009 at 6:13 AM, Chris Beaven <smileych...@...> wrote:
>
> >> One of the questions that needs to be answered
> >> is "why should [a session based notification system] be shipped with Django?"
>
> >> Another piece of the puzzle that is missing from my perspective is any
> >> discussion of how session-based messaging interacts with the existing
> >> contrib.auth messaging framework. IMHO, Django shouldn't ship with two
> >> messaging APIs, so what is the integration point?
>
> > Having some kind of defacto cross-request notification system makes
> > sense; it's a very common usage pattern.
> > Attaching these kind of messages to a User instance is wrong: there is
> > not an enforced one to one correlation between a user and a session
> > [1], and you can't notify anonymous sessions.
>
> > The current contrib.auth messaging framework can't be removed or
> > replaced while keeping full backwards compatibility. A basic user
> > based messaging system still has it's uses, but it is not the best fit
> > for session notifications.
> > Side note: a pet peeve of mine is that contrib.auth messages are not
> > lazily loaded, which means you get a db hit every request [when using
> > a RequestContext] and lose your messages whether you use the messages
> > context var or not, but this is a side issue and should probably be a
> > ticket of it's own.
>
> > For some background, I initially started 4604 much more tightly
> > coupled with core, and one which backwards-compatibly worked with the
> > current user-based messaging system. Malcolm specifically requested
> > that this should be written as a stand-alone contrib app rather than
> > part of core, and that it should have minimal impact on existing code.
>
> Sorry - perhaps I need to be more clear on my intent here. I'm
> convinced of the importance of session-based messages - just not of
> when and how a particular implementation should be added to trunk.

> What I'm talking about is an orthogonal set of modifications that
> would allow for _any_ messaging system (database backed, session
> backed, or magic pony backed) to be used. This doesn't couple a
> particular implementation of session-based messages to the core, but
> it would allow for end-users to choose a session-based message
> framework if they found one that was appropriate to their needs. In
> the fullness of time, we may end up adding django-notify or similar to
> contrib, but if we add the plugable backend we can defer that decision
> until much later when implementations have stabilized and a clear
> implementation winner has emerged.

>
>
>
> On Sep 21, 12:05 pm, Russell Keith-Magee <freakboy3...@...>
> wrote:
>> On Mon, Sep 21, 2009 at 6:13 AM, Chris Beaven <smileych...@...> wrote:
>>
>> >> One of the questions that needs to be answered
>> >> is "why should [a session based notification system] be shipped with Django?"
>>
>> >> Another piece of the puzzle that is missing from my perspective is any
>> >> discussion of how session-based messaging interacts with the existing
>> >> contrib.auth messaging framework. IMHO, Django shouldn't ship with two
>> >> messaging APIs, so what is the integration point?
>>
>> > Having some kind of defacto cross-request notification system makes
>> > sense; it's a very common usage pattern.
>> > Attaching these kind of messages to a User instance is wrong: there is
>> > not an enforced one to one correlation between a user and a session
>> > [1], and you can't notify anonymous sessions.
>>
>> > The current contrib.auth messaging framework can't be removed or
>> > replaced while keeping full backwards compatibility. A basic user
>> > based messaging system still has it's uses, but it is not the best fit
>> > for session notifications.
>> > Side note: a pet peeve of mine is that contrib.auth messages are not
>> > lazily loaded, which means you get a db hit every request [when using
>> > a RequestContext] and lose your messages whether you use the messages
>> > context var or not, but this is a side issue and should probably be a
>> > ticket of it's own.
>>
>> > For some background, I initially started 4604 much more tightly
>> > coupled with core, and one which backwards-compatibly worked with the
>> > current user-based messaging system. Malcolm specifically requested
>> > that this should be written as a stand-alone contrib app rather than
>> > part of core, and that it should have minimal impact on existing code.
>>
>> Sorry - perhaps I need to be more clear on my intent here. I'm
>> convinced of the importance of session-based messages - just not of
>> when and how a particular implementation should be added to trunk.
>
> Thanks for your clarifications.
>
>> What I'm talking about is an orthogonal set of modifications that
>> would allow for _any_ messaging system (database backed, session
>> backed, or magic pony backed) to be used. This doesn't couple a
>> particular implementation of session-based messages to the core, but
>> it would allow for end-users to choose a session-based message
>> framework if they found one that was appropriate to their needs. In
>> the fullness of time, we may end up adding django-notify or similar to
>> contrib, but if we add the plugable backend we can defer that decision
>> until much later when implementations have stabilized and a clear
>> implementation winner has emerged.
>
> django-notify is built on a pluggable backend architecture.
> It comes with packaged with three backends, and custom backends are
> also supported.
>
>> As it stands, I'm aware of at _least_ two
>> implementations (django-notify and djangoflash),
>
> I agree, the decision is important to get right.
>
> To clarify, django flash is actually more than just a session
> notification backend, it introduces a whole new temporary (but cross-
> request) variable scope.
> Leah has a messaging implementation which uses django-flash:
> http://github.com/leah/django-flash-status
>
> So the question changes into, "are we after just a notification system
> or do we want to have a more open (but arbitrary) system of a
> temporary cross-request variable scope?"

> On Sun, Sep 20, 2009 at 10:24 AM, Russell Keith-Magee <
>
> freakboy3...@...> wrote:
>
> > You also mention that there are a number of other implementations, but
> > you haven't really given a compelling survey or analysis of the
> > alternatives - you've just blessed one in particular. Why?
>
> I started a wiki page comparing some of the different options out there:http://code.djangoproject.com/wiki/SessionMessages
>
> Feel free to update with (your messaging backend here).
>
> Tobias

> On Tue, Sep 22, 2009 at 9:51 PM, Russell Keith-Magee <freakboy3...@...
>
> > wrote:
> > In reality, I get a ping time closer to 300 ms. And that's to a
> > high-end data center under ideal conditions - it can be much larger if
> > I'm dealing with low end providers.
>
> What?? 200 ms is the average quoted by Mr. Sproutcore himself!
>
> No, in all seriousness, my apologies for making such a broad generalization
> about packet latency.  I could/should have said 500 ms or even a second; the
> argument and corresponding solution, if needed, remain the same.
>
> Anyways..we digress.  I am marking this a non-issue in my own head - please
> pipe up if there's a case to be made.
>
> Tobias

> Things that still need to be discussed/done:
>
> * Coming to consensus on what 3rd party app we actually choose to
> extend/modify to fit into Django
>
> * What to do with the existing user message API (see
> http://code.djangoproject.com/wiki/SessionMessages#IntegratingwiththeExistingAPI)
>
> * Review/add to the TODO list on the wiki
> (http://code.djangoproject.com/wiki/SessionMessages#TODOOnceaSolutionisChosen)

>
> On Sat, Oct 10, 2009 at 1:19 PM, Tobias McNulty <tobias@...
> > wrote:
>> Things that still need to be discussed/done:
>>
>> * Coming to consensus on what 3rd party app we actually choose to
>> extend/modify to fit into Django
>>
>> * What to do with the existing user message API (see
>> http://code.djangoproject.com/wiki/SessionMessages#IntegratingwiththeExistingAPI
>> )
>>
>> * Review/add to the TODO list on the wiki
>> (http://code.djangoproject.com/wiki/SessionMessages#TODOOnceaSolutionisChosen
>> )
>
> I should have also added:
>
> * Coming to consensus on a de facto standard API suitable for
> inclusion in Django
>
> I originally put it on the TODO list, but in retrospect the discussion
> needn't wait till we pick a solution.
>
> As a practical starting point, I copied the API for django-notify to
> the wiki page.  I like the general form of that API, but I'd be
> slightly more happy with something like:
>
> from django.contrib import messages
>
> request.messages.add('message', messages.INFO)
> # or
> request.messages.add('message', classes=(messages.WARNING,))
> # or
> request.messages.error('message')
>
> A la python logging, I think endorsing a specific set of message
> classes or tags (but still allowing them to be extended) is A Good
> Thing because it helps reusable apps provide more customized feedback
> in a standard way.
>
> Tobias
> --
> Tobias McNulty
> Caktus Consulting Group, LLC
> P.O. Box 1454
> Carrboro, NC 27510
> (919) 951-0052
> http://www.caktusgroup.com
>
> >