How about creating request middleware to sign out deactivated users?
Something like:

if request.user.profile.expired:
    logout(request)

If you're concerned about the extra database hit per request, then maybe
cache the expiration?

expire_date = cache.get("%d_expire" % request.user.id)
if not expire_date:
    expire_date = request.user.profile.expire_date
    cache.set(...)
if expire_date < now():
    logout(request)

_Nik

On 4/5/2013 4:24 PM, John DeRosa wrote:
> I have a Profile table that's 1:1 with the User table. Each Profile
> row has an account_expiration field.
>
> I want to invalidate users when their accounts expire. By
> "invalidate", I mean: They can't log in, and they can't use the system
> any more.
>
> The closer I look, the more complicated it seems.
>
> Adding an expiration date check to our authentication backend is the
> easy part. The hard part is what to do about users who are currently
> logged in? They have Session objects in the database, and the session
> cache. (We use django.contrib.sessions.backends.cached_db.) I could
> make a periodic task that deletes the session objects of expired
> accounts, but it would also have to find the expired objects in the
> cache. This starts to feel unwieldy and fragile.
>
> I could crank down SESSION_COOKIE_AGE to one hour, but that would be ugly.
>
> I'm wondering if I'm over-thinking this. Has anyone implemented
> account expiration in a way that deals with users already logged in?
>
> Thanks!
>
> John
>
> -- 
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/django-users?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
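
Added example (not part of the original messages): one way to write the suggested middleware in current Django's callable-middleware style, assuming the Profile field is named account_expiration as in John's message and that datetimes are timezone-aware. The injectable cache, logout and now parameters and the CACHE_TTL value are assumptions made here so the class can be exercised without a Django project.

```python
from datetime import datetime, timezone

CACHE_TTL = 300      # assumed value: seconds a cached expiry is trusted
_MISSING = object()  # tells "not cached" apart from a cached None


def expiry_key(user_id):
    return "%d_expire" % user_id  # key format from the reply above


class AccountExpirationMiddleware:
    """Sign out logged-in users whose Profile.account_expiration has passed."""

    def __init__(self, get_response, cache=None, logout=None, now=None):
        # Django objects are imported lazily so stand-ins can be injected.
        if cache is None:
            from django.core.cache import cache
        if logout is None:
            from django.contrib.auth import logout
        self.get_response = get_response
        self.cache = cache
        self.logout = logout
        self.now = now or (lambda: datetime.now(timezone.utc))

    def expiration_for(self, user):
        key = expiry_key(user.pk)
        expires = self.cache.get(key, _MISSING)
        if expires is _MISSING:
            # One database hit per user per CACHE_TTL, not one per request.
            expires = user.profile.account_expiration
            self.cache.set(key, expires, CACHE_TTL)
        return expires

    def __call__(self, request):
        user = request.user
        if user.is_authenticated:
            expires = self.expiration_for(user)
            if expires is not None and expires <= self.now():
                # logout() flushes the session, so with cached_db both the
                # database row and the cached copy are removed.
                self.logout(request)
                # Drop the cached date so a renewed account is re-read.
                self.cache.delete(expiry_key(user.pk))
        return self.get_response(request)
```

List it after django.contrib.auth.middleware.AuthenticationMiddleware in MIDDLEWARE so that request.user is populated. An expiration date that is moved earlier takes effect within CACHE_TTL seconds unless the key is also deleted when the Profile is saved.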