On Fri, 2009-07-31 at 19:43 -0700, django user wrote: > I'm interested in a solution for this as well. > > I am thinking that a good way might be to rewrite the auth middleware > to check and see if a user login for this user exists and if it does > then remove that login and log in the current user. A message could > then be passed to the login page letting them know that they have > logged in elsewhere and their session at this computer was ended.
HTTP is a stateless protocol. By design. As has been pointed out in another reply in this thread, the concept of "already logged in" is therefore no very well defined. Because it implies there is a concept of logged out. Which generally doesn't happen. All you can know is that you have seen a particular session cookie before. However, you are not guaranteed to know that you will never see a session cookie again in the future unless the user explicitly tells you to delete it. And that isn't always possible. What if you have browser-based sessions, so the cookies expires when the browser is closed. And now the user's browser crashes, or they shut it down, or their laptop battery runs out? They no longer have the cookie and so they cannot tell you to remove it. That's just one of a large number of scenarios in which you are setting things up so that users will not be able to use your site as a result of fairly normal behaviour of themselves and their computers. > > I don't know if django has a good way to query if the user is logged > in or not... You cannot query for session identifiers by username, no. Regards, Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
