python django 应用程序中每个用户只允许一次同时登录
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1814437/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Allow only one concurrent login per user in django app
提问by Mohamed
is it possible to allow only one concurrent login per user in django application? if yes, how do you approach?
是否可以在 Django 应用程序中每个用户只允许一个并发登录?如果是,你如何处理?
回答by Patrick
I needed this in my applications so I created a django packagewhich is now on pypi (pip install django-preventconcurrentlogins).
我在我的应用程序中需要这个,所以我创建了一个现在在 pypi 上的django 包(pip install django-preventconcurrentlogins)。
The package is based on peterdemin's snippet: https://gist.github.com/peterdemin/5829440
该软件包基于 peterdemin 的片段:https://gist.github.com/peterdemin/5829440
Hope this helps someone in the future.
希望这对将来的人有所帮助。
回答by SapphireSun
回答by Pydev UA
You need to create some model that save session_key for each user And create middleware that checks session key in that model for each user - if it does not equal to request.session_key - than remove that session(=logout user, allowing only current to stay)
您需要创建一些模型来为每个用户保存 session_key 并创建中间件来检查每个用户在该模型中的会话密钥 - 如果它不等于 request.session_key - 然后删除该会话(=注销用户,只允许当前保留)
#models.py
class Visitor(model.model):
user = models.OneToOneField(User)
session_key = models.CharField(null=True, blank=True)
#and you need to setup signal catching from User model - so for each User Visitor is created
#middleware.py
class OnlyOneUserMiddleware(object):
def process_request(self, request):
cur_session_key = request.user.visitor.session_key
if cur_session_key and cur_session_key != request.session.session_key:
Session.objects.get(session_key=cur_session_key).delete()
#the following can be optimized(do not save each time if value not changed)
request.user.visitor.session_key = request.session.session_key
request.user.visitor.save()
回答by William
I'm going to assume that you mean logged in at once, and not one "login" at the same time.
我将假设您的意思是一次登录,而不是同时“登录”一次。
I've never written a Django application before. But one method I've used in other languages, is to store the session ID of the logged in user in their user row in the database.
我以前从未编写过 Django 应用程序。但是我在其他语言中使用的一种方法是将登录用户的会话 ID 存储在数据库的用户行中。
For example, if you have a users table in your database, add a field "session_id" and then when the user logs in, set that to their current session_id. On every page load check to see if their current session matches the session_id in the users table. Remember whenever you regenerate their session_id in your application, you'll need to update the database so they don't get logged out.
例如,如果您的数据库中有一个用户表,请添加一个字段“session_id”,然后在用户登录时将其设置为他们当前的 session_id。在每个页面加载时检查他们的当前会话是否与用户表中的 session_id 匹配。请记住,每当您在应用程序中重新生成它们的 session_id 时,您都需要更新数据库,以免它们被注销。
Some people when a user logs in, just store all the users details into a session and never re-call the database on a new page load. So for some this "extra" SQL query might seem wrong. For me, I always do a new query on each page load to re-authenticate the user and make sure their account wasn't removed/suspended and to make sure their username/password combo is still the same. (What if someone from another location changed the password, or an administrator?)
有些人在用户登录时,只是将所有用户详细信息存储到会话中,而不会在新页面加载时重新调用数据库。所以对于某些人来说,这个“额外”的 SQL 查询可能看起来是错误的。对我来说,我总是在每个页面加载时执行新查询以重新验证用户并确保他们的帐户没有被删除/暂停并确保他们的用户名/密码组合仍然相同。(如果来自其他地方的人或管理员更改了密码怎么办?)
