Django snippets: StrictAuthentication - Auto log-out inactive users

from django.contrib.auth import logout

class StrictAuthentication:
        def process_view(self,request,view_func,view_args,view_kwargs):
                if request.user.is_authenticated() and not request.user.is_active:
                        logout(request)

More like this

Auto Logout Middleware by LuckiDog 5 years, 7 months ago
Require login by url by zbyte64 4 years, 9 months ago
Add httponly to session cookie by rodolfo.3 3 years, 1 month ago
Clear session data on login and logout by jb0t 5 years, 1 month ago
Active / Inactive model manager by bendavis78 3 years, 12 months ago

This dead-simple piece of middleware adds a terrific security feature to django authentication. Currently, users who's accounts are de-activated still may have a cookie and a login session. This middleware destroys that session on their next request.

Simply add this class into a middleware.py and add it to your settings.

Author:: yeago
Posted:: October 2, 2008
Language:: Python
Django Version:: 1.0
Tags:: middleware authentication security sessions
Score:: 1 (after 1 ratings)

Django snippets

StrictAuthentication - Auto log-out inactive users

More like this

Tools

Comments

Snippets

About