- October 2, 2008
- middleware authentication security sessions
- 1 (after 1 ratings)
This dead-simple piece of middleware adds a terrific security feature to django authentication. Currently, users who's accounts are de-activated still may have a cookie and a login session. This middleware destroys that session on their next request.
Simply add this class into a middleware.py and add it to your settings.
1 2 3 4 5 6
from django.contrib.auth import logout class StrictAuthentication: def process_view(self,request,view_func,view_args,view_kwargs): if request.user.is_authenticated() and not request.user.is_active: logout(request)
More like this
- Add httponly to session cookie by rodolfo.3 6 years, 2 months ago
- Basic Auth Middleware by joshsharp 5 years ago
- RefreshSessionMiddleware by jcassee 7 years, 11 months ago
- JSON Web Token authentication middleware by andruwhart 2 months, 2 weeks ago
- create and authenticate an anonymous user by chr15m 6 years, 9 months ago