Re: Restrict access to one device per user at any given time

[Mark Robson]

Hi,

You should not prohibit the user from logging on, rather, you should "log 
out" their previous session when they start a new one (e.g. on a different 
device). You might want to notify the user when this happens, to enable 
them to detect if their account has been compromised (more easily).

As Django already has session management, you should be able to use this. 
You can store a table of current logins by user, and store the session ID 
in there. If the current session ID is not the latest one for the user, 
then your code should automatically log them out (because they've logged on 
elsewhere). 

I doesn't sound very difficult to me.

Mark

On Friday, June 21, 2013 10:40:39 AM UTC+1, mjh wrote:
>
> Hi,
>
> I am trying to figure out the best way of restricting access to a given 
> django project so that a single user can login as normal but then has to 
> logout again if they want to access it from a different session.
>
> I am thinking just to set a flag in the userprofile table upon login and 
> then remove the flag when the user logs out, however, I'm sure this is a 
> prone to the situation where a user is thrown out of their session for 
> whatever reason and the code doesn't reset the flag. In this case the user 
> will not be able to login ever again!
>
> Is there a way to store device level details so that I can check against 
> that sort of data - this may be a more robust solution I'm guessing.
>
>
> How have people tackled this and what are the things to look out for?
>
> Regards,
>
> mjh
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.

Creating database views, functions, stored procedures etc

[Mark Robson]

Hi,

I've got a Django application which uses a mixture of managed and unmanaged 
models.

The managed models get their tables created in the usual way, the unmanaged 
ones via a number of .sql files in the application/sql directory.

This works fine, but I also have some views and user-defined functions in 
the database. Until now I've been manually creating these after 
installation.

However, I'm trying to add better unit-tests, some of which will need to 
use the views and functions.

I've done a lot of research and apparently drawn a blank on this. I can 
hook the post_syncdb signal in my application, but this is executed after 
syncdb, but before custom SQL has been run.

Or alternatively, I could "tack on" the views and functions to one of my 
models' .sql files, and hope that it works - but of course, the views are 
executing joins, so I need the tables they depend upon to be all created 
beforehand.

(NB: I'm using Postgresql, if it makes any difference)

Does anyone have a suggestion for how to handle this?

Thanks

Mark

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.