Django snippets: StrictAuthentication - Auto log-out inactive users

from django.contrib.auth import logout

class StrictAuthentication:
        def process_view(self,request,view_func,view_args,view_kwargs):
                if request.user.is_authenticated() and not request.user.is_active:
                        logout(request)

This dead-simple piece of middleware adds a terrific security feature to django authentication. Currently, users who's accounts are de-activated still may have a cookie and a login session. This middleware destroys that session on their next request.

Simply add this class into a middleware.py and add it to your settings.

Author:: yeago
Posted:: October 2, 2008
Language:: Python
Tags:: authentication middleware security sessions
Score:: None (after 0 ratings)

Tools

Download this snippet
Comment on this snippet

Django snippets

StrictAuthentication - Auto log-out inactive users

Tools

Comments

Snippets

About