I have a Profile table that's 1:1 with the User table. Each Profile row has an account_expiration field.

I want to invalidate users when their accounts expire. By "invalidate", I mean: They can't log in, and they can't use the system any more.

The closer I look, the more complicated it seems. Adding an expiration date check to our authentication backend is the easy part. The hard part is what to do about users who are currently logged in? They have Session objects in the database, and the session cache. (We use django.contrib.sessions.backends.cached_db.)

I could make a periodic task that deletes the session objects of expired accounts, but it would also have to find the expired objects in the cache. This starts to feel unwieldy and fragile.

I could crank down SESSION_COOKIE_AGE to one hour, but that would be ugly.

I'm wondering if I'm over-thinking this. Has anyone implemented account expiration in a way that deals with users already logged in?

Thanks!
John
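
The periodic task described above, as an added example that is not part of the original post: with the cached_db backend, SessionStore.delete() removes the database row and the matching cache entry in one call, so the task does not have to locate cache keys itself. The module path `myapp.models`, the `user` field name on Profile, and the function names are assumptions.

```python
"""Periodic purge of sessions that belong to expired accounts (added example)."""

AUTH_USER_KEY = "_auth_user_id"  # value of django.contrib.auth.SESSION_KEY


def purge_sessions(expired_user_ids, sessions, store_cls):
    """Delete every session whose logged-in user is in expired_user_ids.

    sessions:  iterable of rows exposing .session_key and .get_decoded()
    store_cls: session backend class; its delete() decides what gets removed
    Returns the list of deleted session keys.
    """
    # Django stores the user's primary key in the session as a string.
    expired = {str(uid) for uid in expired_user_ids}
    deleted = []
    if not expired:
        return deleted
    for row in sessions:
        # Anonymous sessions carry no user id and are left alone.
        user_id = row.get_decoded().get(AUTH_USER_KEY)
        if user_id is not None and str(user_id) in expired:
            store_cls().delete(row.session_key)
            deleted.append(row.session_key)
    return deleted


def purge_expired_accounts():
    """Entry point for the periodic task (cron, Celery beat, ...)."""
    # Imported here so purge_sessions() stays usable without a configured project.
    from django.contrib.sessions.backends.cached_db import SessionStore
    from django.contrib.sessions.models import Session
    from django.utils import timezone

    from myapp.models import Profile  # hypothetical app path

    now = timezone.now()
    # Assumes Profile.user is the OneToOneField to User.
    expired_ids = Profile.objects.filter(
        account_expiration__lte=now
    ).values_list("user_id", flat=True)
    # Session payloads are opaque in SQL, so every live session is decoded.
    live = Session.objects.filter(expire_date__gt=now).iterator()
    return purge_sessions(expired_ids, live, SessionStore)
```

Between runs of the task, an expired user who is already logged in keeps a working session, so the task interval is the upper bound on that window.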