Skip to main content

A Django app to enforce users to work only on one browser/device.

Project description

Django-single-session

PyPi version Documentation Status PyPi license Code style: black

A Django app that enforces that a user has only one active session: if the user logs in on another browser/device, then the previous sessions will log out.

The app will also add an extra action to the ModelAdmin of the user model (if there is such ModelAdmin), that will alow to log out all sessions of a given (set of) user(s).

Installation

The package can be fetched as django-single-session, so for example with pip with:

pip3 install django-single-session

One can install the app by adding the single_session app to the INSTALLED_APPS setting:

# settings.py

# ...

INSTALLED_APPS = [
    # ...,
    'django.contrib.sessions',
    # ...,
    'single_session'
    # ...
]

MIDDLEWARE = [
    # ...,
    'django.contrib.sessions.middleware.SessionMiddleware',
    # ...,
    'django.contrib.auth.middleware.AuthenticationMiddlware',
    # ...
]

SESSION_ENGINE = 'django.contrib.sessions.backends.db'

For the SESSION_ENGINE setting, the database backend, django.contrib.sessions.backends.db should be used, since that is the one where the item is linking to.

In order to work properly, the SessionMiddleware and AuthenticationMiddleware will be necessary, or another middleware class that will add a .session and .user attribute on the request object and will trigger the user_logged_in and user_logged_out signals with the proper session and user.

and running migrate to migrate the database properly:

python3 manage.py migrate single_session

This will by default enforce that a user will only have one logged in session. This will not proactively logout existing sessions: only if the user logs in with another browser or device, the old session(s) will be closed.

Configuration

One can disable the single session behavior by specifying the SINGLE_USER_SESSION setting in settings.py and thus setting this value to False (or any other value with truthiness False).

The toolo will also clean up all sessions of a user in case that user logs out. This thus means that if a user logs out on one browser/device, they will log out on all other browsers/devices as well. This functionality is still enabled if SINGLE_USER_SESSION is set to False. You can disable this by setting the LOGOUT_ALL_SESSION setting in settings.py to False (or any other value with truthiness False).

Logging out (other) users

If there is a ModelAdmin for the user model (if you use the default user model, then there is such ModelAdmin), and the django.contrib.admin package is installed, then that ModelAdmin will have extra actions to log out normal users and admin users.

You can thus select users, and log these out with the "Log out the user on all sessions" action. This will invalidate all the sessions for (all) the selected user(s). In order to do this, the single_session.logout permission is required, so only admin users and users with such permission can log out other users. Users with such permission can log out users, but not admin users.

There is an extra permission named single_session.logout_all to log out all users, including admin users. Users with such permission can thus also log out admin users, so it might be better not to give such permission to all (staff) users.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-single-session-0.1.1.tar.gz (14.5 kB view details)

Uploaded Source

Built Distribution

django_single_session-0.1.1-py3-none-any.whl (10.5 kB view details)

Uploaded Python 3

File details

Details for the file django-single-session-0.1.1.tar.gz.

File metadata

  • Download URL: django-single-session-0.1.1.tar.gz
  • Upload date:
  • Size: 14.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.9.13

File hashes

Hashes for django-single-session-0.1.1.tar.gz
Algorithm Hash digest
SHA256 46d1ab6c85524ade3ab6e20b1185b3391cd05c2fefcecbc86152cee25cf47a5d
MD5 1b5580fd8aef9a196d89d89231059da8
BLAKE2b-256 e00bd1ea855d693e7debe61c04640dae9825da098f8de66b33952a7c8a446547

See more details on using hashes here.

File details

Details for the file django_single_session-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for django_single_session-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 5417c249665f679b7df6a79a9a89b6d7de7770963d6e52c149376a668a5a8a40
MD5 6bcfed9d707c3458d831ffb18e0094d5
BLAKE2b-256 ccc71234efd371d643b316fb2d333810b4a0f1c57329b7acd7c3f6974b17ace1

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page