Disallow multiple logins, i.e. from other computer or browser

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
def login(request, *args, **kwargs):
    if request.method == 'POST':
        username = request.POST['username']
        uid = None
        try:
            user = User.objects.get(username = username)
            uid = user.id
        except ObjectDoesNotExist:
            pass
        if uid:
            sid = request.session.session_key
            duplicate_login = False
            sessions = Session.objects.all()
            for s in sessions:
                data = s.get_decoded()
                db_uid = -1
                db_sid = s.pk
                if data.has_key('_auth_user_id'):
                    db_uid = int(data['_auth_user_id'])
                    if uid == db_uid and sid != db_sid:
                        if datetime.now() < s.expire_date:
                            duplicate_login = True
            if duplicate_login:
                return render_to_response('duplicate_login.html',
                    context_instance = RequestContext(request))
    return auth_views.login(request, *args, **kwargs)

More like this

  1. duplicate model object merging script by nstrite 5 years, 10 months ago
  2. Duplicate related objects of model instance by johnboxall 4 years, 5 months ago
  3. Decorate Template Tag (In-Line include and extend with local context) by rhomber 3 years, 5 months ago
  4. login on activation with django-registration by morgan 3 years, 3 months ago
  5. Mobilize your Django site by stevena0 4 years, 2 months ago

Comments

regs (on October 24, 2010):

This is definitely NOT A GOOD THING TO DO:

line 13: sessions = Session.objects.all()

line 14: for s in sessions:

You can at least filter the query set - a slightly loaded server will just drop dead when you enable the above snippet.

#

(Forgotten your password?)