Anonymous¶
Give a visitor a real session with no credentials, so your app can persist state — carts, drafts, preferences — against a stable user id before they ever register. When the guest later signs up, your application decides how to migrate their data.
Install¶
Ships with the core; there is no extra to install.
Setup¶
import deadbolt as db
from deadbolt.plugins.anonymous import anonymous
auth = db.Auth(
adapter=db.MemoryAdapter(),
secret="a-32-byte-or-longer-secret......",
email_and_password=db.EmailPassword(enabled=True),
plugins=[anonymous()],
)
Run the schema generator (or your migration) so the anonymous table exists.
Configuration¶
| Parameter | Type | Default | Description |
|---|---|---|---|
email_domain |
string | "anonymous.deadbolt" |
Domain used to synthesize each guest's unique placeholder email (anon-<id>@<domain>). |
API¶
POST /sign-in/anonymous¶
Creates a guest user and returns a session. Auth: public. Request: no body.
Response 200: { "user": { ... }, "is_anonymous": true }, plus the session cookie.
Notes¶
- Real, working session. The guest session behaves like any other —
get-sessionreturns the user, and every plugin sees a normal signed-in user. - Marked as a guest. Each anonymous user has a row in the
anonymoustable, so you can detect guests (SELECT ... FROM anonymous WHERE user_id = ?) and treat them differently. - Linking is yours to define. deadbolt does not auto-merge a guest into a real account, because what "migrate their data" means is application-specific. On sign-up, look up the current anonymous user, move whatever rows you own to the new user id, then delete the guest.
- Housekeeping. Guests accumulate; periodically prune stale
anonymoususers the same way you prune expired sessions.