I did it using PHP. It can be circumvented but it's not something
the average user would do. Every time a user logs in, the session id is
stored in a table, with the time and the user id. On every request by
every logged-in user, I put all previous session ids for the user
id in an array, remove the last element (which is the current session
id), reverse the array (to increase the chance of finding the current
session id faster), and check if the current session id is in there.

  Here's part of the code, I hope you can translate it to
Python/Django. It costs one query on every page request, but since I
charge people based on the number of users they create, I can't let
them log on with the same username :)

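// $pdo is assumed to be an open PDO connection; user_id is bound, not interpolated
$stmt = $pdo->prepare("SELECT session_id FROM access WHERE user_id = ? ORDER BY time");
$stmt->execute(array($user_id));
$session_id_list = $stmt->fetchAll(PDO::FETCH_COLUMN);

// The newest row belongs to the login that is allowed to stay
$last_session_id = array_pop($session_id_list);

// Newest-first copy, with older rows that repeat the latest session id dropped
$session_id_list_reverse = array_reverse($session_id_list);
foreach ($session_id_list_reverse as $key => $_session_id) {
    if ($last_session_id == $_session_id) {
        unset($session_id_list_reverse[$key]);
    }
}
// The check runs on $session_id_list (not the filtered copy), so a session id
// stored twice still matches here
if (in_array(session_id(), $session_id_list)) {
    header('Location: logout.php');
    exit;
}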

  You can clean the 'access' table every once in a while to keep it
small (I do it weekly).

  So, what happens is that I am checking if any session id, other than
the last one from a user on my access table, is his current one. If
it is, he's logged out, but the user who came later stays logged in.

  It can happen that users will have to log on twice, but it never
happened to any of my users, I just know it's something possible but I
never bothered to fix it, because it only happens if they return to
the login page without clicking on the logout button or closing the
browser, and really my users don't have many reasons to return to this
particular login page, which is just a form. Worst case, they only
have to type their username and password twice.

On 3/16/07, cwurld <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> In order for users to use my Django site they must login. I am using
> the standard auth app. I set the session to expire when the browser is
> closed or when the user clicks a log out button.
>
> I would like to find a way to prevent users from simultaneously
> logging in from different computers but using the same username and
> password.
>
> Any suggestions?
>
> Thanks,
> Chuck



-- 
Julio Nobrega - http://www.inerciasensorial.com.br

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
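The check described in the message above, as an added Python example that is not part of the original post. It compares the current session id with only the newest row for the user, which gives the same answer as scanning the older rows when every login is recorded, and it does not log out a browser that logs in twice with the same session id. The in-memory sqlite3 table and the names open_db, record_login, must_logout and prune are assumptions for illustration; a Django site would keep the rows in a model and run the check from middleware.

```python
import sqlite3

# Same columns as the post's 'access' table, plus an id used as a tie-breaker.
SCHEMA = """CREATE TABLE access (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL,
    session_id TEXT NOT NULL,
    time REAL NOT NULL)"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def record_login(db, user_id, session_id, now):
    """Call once per successful login."""
    db.execute("INSERT INTO access (user_id, session_id, time) VALUES (?, ?, ?)",
               (user_id, session_id, now))

def must_logout(db, user_id, current_session_id):
    """True when the newest login for this user used a different session id."""
    row = db.execute(
        "SELECT session_id FROM access WHERE user_id = ? "
        "ORDER BY time DESC, id DESC LIMIT 1", (user_id,)).fetchone()
    # No row means no recorded login; leave that decision to the auth layer.
    return row is not None and row[0] != current_session_id

def prune(db, older_than):
    """Periodic cleanup that keeps each user's newest row so the check still works."""
    cur = db.execute(
        "DELETE FROM access WHERE time < ? AND id NOT IN "
        "(SELECT MAX(id) FROM access GROUP BY user_id)", (older_than,))
    return cur.rowcount

if __name__ == "__main__":
    # Constructed sample data: user 7 logs in from two browsers.
    db = open_db()
    record_login(db, 7, "sess-a", 100.0)
    record_login(db, 7, "sess-b", 200.0)
    print("first browser logged out:", must_logout(db, 7, "sess-a"))
    print("second browser logged out:", must_logout(db, 7, "sess-b"))
    record_login(db, 7, "sess-b", 300.0)  # same browser revisits the login form
    print("after repeat login:", must_logout(db, 7, "sess-b"))
    print("rows pruned:", prune(db, 250.0))
```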
