Hi,

You should not prohibit the user from logging on, rather, you should "log 
out" their previous session when they start a new one (e.g. on a different 
device). You might want to notify the user when this happens, to enable 
them to detect if their account has been compromised (more easily).

As Django already has session management, you should be able to use this. 
You can store a table of current logins by user, and store the session ID 
in there. If the current session ID is not the latest one for the user, 
then your code should automatically log them out (because they've logged on 
elsewhere). 

It doesn't sound very difficult to me.

Mark

On Friday, June 21, 2013 10:40:39 AM UTC+1, mjh wrote:
>
> Hi,
>
> I am trying to figure out the best way of restricting access to a given 
> django project so that a single user can login as normal but then has to 
> logout again if they want to access it from a different session.
>
> I am thinking just to set a flag in the userprofile table upon login and 
> then remove the flag when the user logs out, however, I'm sure this is 
> prone to the situation where a user is thrown out of their session for 
> whatever reason and the code doesn't reset the flag. In this case the user 
> will not be able to login ever again!
>
> Is there a way to store device level details so that I can check against 
> that sort of data - this may be a more robust solution I'm guessing.
>
>
> How have people tackled this and what are the things to look out for?
>
> Regards,
>
> mjh
>
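
An added example, not part of the original thread: a minimal model of the "table of current logins by user" described in the reply, where the newest login replaces the stored session ID and any older session fails the per-request check. It assumes an in-memory SQLite table and a hypothetical `SingleSessionRegistry` class; in a Django project the session ID would be `request.session.session_key` and the check would run on each request.

```python
import hmac
import secrets
import sqlite3


class SingleSessionRegistry:
    """One row per user holding the ID of that user's newest session."""

    def __init__(self, db=None):
        # Constructed for this example: an in-memory SQLite table stands in
        # for the application's "current logins" table.
        self.db = db or sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS current_login ("
            "user_id INTEGER PRIMARY KEY, session_id TEXT NOT NULL)"
        )

    def login(self, user_id):
        """Register a new session. Returns (session_id, replaced_previous)."""
        session_id = secrets.token_urlsafe(32)
        with self.db:  # commit on success, roll back on error
            had_previous = self.db.execute(
                "SELECT 1 FROM current_login WHERE user_id = ?", (user_id,)
            ).fetchone() is not None
            # Newest login wins, so a stale row can never lock the user out.
            self.db.execute(
                "INSERT OR REPLACE INTO current_login VALUES (?, ?)",
                (user_id, session_id),
            )
        return session_id, had_previous

    def is_current(self, user_id, session_id):
        """Per-request check: False means the user logged on elsewhere."""
        row = self.db.execute(
            "SELECT session_id FROM current_login WHERE user_id = ?", (user_id,)
        ).fetchone()
        return row is not None and hmac.compare_digest(
            row[0].encode(), session_id.encode()
        )

    def logout(self, user_id, session_id):
        """Clear the row only if this session is still the current one."""
        with self.db:
            cur = self.db.execute(
                "DELETE FROM current_login WHERE user_id = ? AND session_id = ?",
                (user_id, session_id),
            )
        return cur.rowcount == 1
```

The `replaced_previous` flag returned by `login` is the hook for notifying the user that an earlier session was ended, and `logout` ignores stale session IDs so an old device cannot end the newer session.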
