2009/12/28 Daniel Roseman :
> On Dec 28, 11:26 am, NMarcu wrote:
>> Hello all,
>>
>> I want to let only one same user to be login in the same time. If I
>> connect from Paris with admin, and other user try to connect with
>> admin from other location, to get a message like it is already
>> connected. How can I do something like this?
>
> That's not easy. 'Logged in' status is not something that is stored on
> the server, but on the client (in the session). So the server does not
> actually know who is logged in at any one time. It does record the
> last time a particular user logged in, and I suppose you could create
> a user profile that records the last time the user performed an
> action, but it's not clear how you would determine that a user had
> logged out or that the session had expired.
> --
> DR.
>
> --
Actually i think it is stored on the server. You only get cookie in
your browser with the sessions key and session is stored in
django_session table in your database, and each record has session key
and expire time (providing you use SessionMiddleware).
You could override the login view to check if the user is logged in or
not and has the session expired. Though i _think_ you would need to
modify/hack the django.contrib.admin to use your login view rather the
the one built into django.
But all this seems a bit clumsy. I had a case where we should let one
type of users login only after the correct amount of other type of
users had been registered. But this was only for site login and none
of the plain users could use admin. So we just overrided built in
login view.
It looks something like:
@csrf_protect
@never_cache
def login(request, template_name='registration/login.html',
redirect_field_name=REDIRECT_FIELD_NAME,
authentication_form=None):
users = User.objects.filter(user_type="some_type").aggregate(Count('id'))
if users['id__count'] > 50:
from django.contrib.auth.views import login
return login(request, template_name, redirect_field_name,
authentication_form)
else:
raise SomeError # Or mess with POST data so the auth fails
This could be done much more elegantly with lower level API but this
was "just make it work" solution.
Instead of counting users you could say
if request.user.is_authenticated():
return HttpResponseRedirect(reverse('home'))
In this example if the user is authenticated he gets redirected to
some home page of his/hers.
You can look in from django.contrib.auth.views.login source and see
how the developers do it and then copy the login function and work
your magic there but still you should hack the django.contrib.admin to
use that new login AFAIK.
It's not a perfect solution but it's all I've got ATM.
Davor
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.