Managing user state efficiently is essential in any web-based ERP system. In Odoo 19, session management plays a crucial role in authentication, user preferences, and temporary data handling. Understanding how session storage works helps developers build secure, scalable, and well-structured custom modules.
In this article, we will explore how session storage works in Odoo 19, the difference between server-side sessions and browser storage, and best practices for handling session data in custom development.
What is Session Storage?
Session storage refers to storing temporary user-specific data during an active session. This data persists while the user is logged in and is cleared when the session ends or expires.
In Odoo 19, session data exists mainly in two places:
- Server-side session (Python / HTTP layer)
- Client-side session (Browser storage – sessionStorage / localStorage)
Each serves a different purpose.
Server-Side Session in Odoo 19
Odoo uses a server-managed session system built on top of its HTTP framework. When a user logs in:
- A session ID is created.
- The session ID is stored in a browser cookie.
- The server maintains session data linked to that ID.
This session contains:
- uid (user ID)
- login
- context
- Allowed company IDs
- Authentication status
Accessing Session in Controllers
In Odoo 19, you can access session data inside HTTP controllers.
from odoo import http
from odoo.http import request
class MyController(http.Controller):
@http.route('/my/session', type='json', auth='user')
def get_session_data(self):
user_id = request.session.uid
user_login = request.session.login
return {
"user_id": user_id,
"login": user_login,
}
Here, request.session gives access to the current user's session.
Storing Custom Data in Session
You can also store custom values in the session.
request.session['my_custom_key'] = "Some temporary value"
Later, you can retrieve it:
value = request.session.get('my_custom_key')This data remains available during the user's session but is not stored permanently in the database.
Client-Side Session Storage (Browser Storage)
On the frontend side, Odoo 19 (OWL-based) can use browser storage mechanisms like:
- sessionStorage
- localStorage
Difference:
- sessionStorage > Cleared when browser tab is closed.
- localStorage > Persists even after browser restart.
Example in Odoo 19 JavaScript:
/** @odoo-module **/
sessionStorage.setItem("my_key", "Temporary Data");
const value = sessionStorage.getItem("my_key");
This is useful for:
- Temporary UI state
- Wizard progress
- Filters or tab selections
- Frontend-only preferences
However, sensitive data should never be stored in browser storage.
How Odoo 19 Handles Authentication Sessions
Odoo 19 uses secure cookies to maintain sessions. Important points:
- Session ID is stored in a browser cookie.
- The server validates each request against the session.
- If the session expires, the user must log in again.
- Sessions can be invalidated manually (logout or server restart).
Session expiration behavior depends on:
- Server configuration
- Proxy settings
- Worker timeout settings
Session vs Context in Odoo
Developers often confuse session data with context.
- Session > User-level temporary storage across requests.
- Context > Request-level configuration (language, timezone, company, etc.).
Example:
request.env.context
Context is passed between method calls and RPC calls, but it is not meant for persistent session storage.
Best Practices for Using Session Storage in Odoo 19
When working with session data, follow these guidelines:
- Avoid storing large objects in the session.
- Never store sensitive data like passwords.
- Use session only for temporary state.
- Clear custom session data when no longer needed.
- Prefer database storage for important business data.
For frontend state, prefer:
- OWL component state
- Browser sessionStorage for UI-only needs
- Database fields for business logic
Session storage in Odoo 19 plays an important role in managing user state and temporary data. The system relies on secure server-side sessions for authentication and user management, while developers can use browser storage for frontend state handling.
Understanding the difference between session, context, and persistent database storage is essential for building secure and scalable Odoo applications.
When used correctly, session storage improves user experience without compromising performance or security.
To read more about How to use Local Storage and Session Storage for Offline Functionalities in Odoo 19, refer to our blog How to use Local Storage and Session Storage for Offline Functionalities in Odoo 19.