Is it possible to allow only one concurrent login per user in a Django application? If yes, how do you approach it?

A: 

I'm going to assume that you mean logged in at once, and not one "login" at the same time.

I've never written a Django application before. But one method I've used in other languages is to store the session ID of the logged-in user in their user row in the database.

For example, if you have a users table in your database, add a field "session_id" and then when the user logs in, set that to their current session_id. On every page load check to see if their current session matches the session_id in the users table. Remember whenever you regenerate their session_id in your application, you'll need to update the database so they don't get logged out.

Some people, when a user logs in, just store all the user's details in a session and never re-call the database on a new page load. So for some this "extra" SQL query might seem wrong. For me, I always do a new query on each page load to re-authenticate the user and make sure their account wasn't removed/suspended and to make sure their username/password combo is still the same. (What if someone from another location changed the password, or an administrator?)

William
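A framework-independent model of the scheme in the answer above, added here as an example and not code from any poster: an in-memory dict stands in for the users table, and the class, method and user names are hypothetical. It shows the per-request check, the effect of a second login, and why session ID regeneration must update the stored value.

```python
import hmac
import secrets


class SingleSessionAuth:
    """In-memory stand-in for a users table with a session_id column."""

    def __init__(self):
        self.users = {}  # username -> {"session_id": str | None, "active": bool}

    def add_user(self, username):
        self.users[username] = {"session_id": None, "active": True}

    def login(self, username):
        # A new login overwrites the stored ID, which invalidates any older session.
        sid = secrets.token_urlsafe(32)
        self.users[username]["session_id"] = sid
        return sid

    def check(self, username, presented_sid):
        # Run on every page load: the account must still be active and the
        # presented session ID must be the one stored on the user row.
        row = self.users.get(username)
        if row is None or not row["active"] or row["session_id"] is None:
            return False
        return hmac.compare_digest(row["session_id"], presented_sid)

    def regenerate(self, username, presented_sid):
        # Rotating the session ID must update the stored value in the same step,
        # otherwise the next check() would log the user out.
        if not self.check(username, presented_sid):
            return None
        return self.login(username)


def demo():
    auth = SingleSessionAuth()
    auth.add_user("alice")  # constructed sample user
    laptop = auth.login("alice")
    phone = auth.login("alice")  # second login from another device
    results = {"laptop_after_phone_login": auth.check("alice", laptop),
               "phone": auth.check("alice", phone)}
    rotated = auth.regenerate("alice", phone)
    results["phone_old_id"] = auth.check("alice", phone)
    results["phone_rotated_id"] = auth.check("alice", rotated)
    auth.users["alice"]["active"] = False  # account suspended by an administrator
    results["after_suspend"] = auth.check("alice", rotated)
    return results
```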
+4  A: 

This question is mostly answered here (stackoverflow.com).

SapphireSun
A: 

You need to create some model that saves session_key for each user, and create middleware that checks the session key in that model for each user. If it does not equal request.session_key, then remove that session (= log out the user, allowing only the current one to stay).

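# models.py
from django.contrib.auth.models import User
from django.db import models

class Visitor(models.Model):
    user = models.OneToOneField(User, on_delete=models.CASCADE)
    # max_length matches Django's Session.session_key field
    session_key = models.CharField(max_length=40, null=True, blank=True)

# and you need to set up signal catching from the User model, so that a Visitor is created for each User

# middleware.py
from django.contrib.sessions.models import Session
from django.utils.deprecation import MiddlewareMixin

class OnlyOneUserMiddleware(MiddlewareMixin):
    def process_request(self, request):
        # anonymous users have no Visitor row, so there is nothing to enforce
        if not request.user.is_authenticated:
            return
        visitor = request.user.visitor
        cur_session_key = visitor.session_key
        if cur_session_key and cur_session_key != request.session.session_key:
            # filter().delete() does not raise if the old session has already expired
            Session.objects.filter(session_key=cur_session_key).delete()
        # the following can be optimized (do not save each time if the value has not changed)
        visitor.session_key = request.session.session_key
        visitor.save()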
Pydev UA