I added an ajax call to log the user out when they close the browser. It works in Firefox and Chrome but is this an acceptable/safe practice?
I experimented with SESSION_SAVE_EVERY_REQUEST=True SESSION_COOKIE_AGE = 300 which works but I can't guarantee that requests are sent frequently enough to ensure a user remains logged in. Typically with my site, requests are sent at least every minute to refresh displayed data. On Dec 10, 10:45 am, Daniel Roseman <dan...@roseman.org.uk> wrote: > On Dec 10, 3:07 pm, Stodge <sto...@gmail.com> wrote: > > > > > > > > > > > I'm trying to limit the number of concurrent users attached to my > > Django website. For example I need to implement a floating license > > system. I've seen a few snippets but so far I think they all implement > > a middleware. I'm trying to avoid using a middleware because I don't > > want the overhead on every request and because I want to try to limit > > this when the user tries to login. I only want to restrict the number > > of non-admin and non-superuser users. > > > I thought I could check all current sessions with expiry times in the > > future but this makes the assumption that a session's expiry time will > > be set to the current time when the user logs out of when they close > > their browser (SESSION_EXPIRE_AT_BROWSER_CLOSE = True). However, my > > understanding of the session system was incorrect and this isn't > > possible. > > > Any ideas how this can be implemented? > > Thanks > > The problem is the stateless nature of HTTP. Between requests, there's > nothing that identifies to the server that the browser is still > 'connected', so you can't identify how many people are passively > browsing a page, and how many have turned off their computer or even > just gone to another site. > > You're not going to be able to do it without some sort of overhead. I > would suggest something like a bit of Javascript, which pings the > server every 20 seconds or so while the user is on a logged-in page, > to show that it is still active. But that certainly has non-trivial > overhead. > -- > DR. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
