On Thu, Apr 15, 2010 at 10:51 PM, [email protected] <[email protected]> wrote: > Please note I've already consulted [email protected] about > this and Jacob told me to post it here if I wanted to. > > One problem with authenticated sessions is that, upon de-activation of > a user's account, any sessions that user has remain live until they > logout. > > I think it would be a good idea to add a middleware to auth which > checked is_active and, if it was found to be False, redirected the > user to the logout url. Indeed it may look something like this: > http://dpaste.com/184192/
This came up about a month ago (search django dev for the subject "logialogin_required does not check User.is_active"). It resulted in ticket #13125. Yours, Russ Magee %-) > -Steve > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
