0

I am new to django i made a registration page and login page now i want a user registered to login to my website when a user is logged in i want to associate a session for user which only dies when he logs out or he closes the browser now whenever the user loads the page even after a week if the browser is not closed he should be granted access.Now the django is storing sessions in its database but will i be able to authenticate the user as different users have different permissions.can someone suggest any resource for my requirement.

identicon
  • 61
  • 1
  • 6
  • this is my custom method: https://pastebin.com/40fzr5nG – Diego Avila Jun 21 '18 at 16:49
  • whe the user submit form login go to validate function.. if password and user is correct i save user name on session and validate by this username on each views.. – Diego Avila Jun 21 '18 at 16:50
  • but where is the session stored in memory or database – identicon Jun 21 '18 at 17:35
  • in this case i use on memory – Diego Avila Jun 21 '18 at 17:35
  • now if the user access the page after a week i still have to grant him access so in this method the data will be stored in memory for week ,storing the data for many users this way will overload the server – identicon Jun 21 '18 at 17:37
  • yeah of course i work on app with django and with this method the session is every time...only when the user close the session(logout) only in this case destroyed the session – Diego Avila Jun 21 '18 at 17:40
  • in this case the session is the client side dont server side – Diego Avila Jun 21 '18 at 17:42
  • @Tegito123 Your login/auth function is just a poorer version of what django's auth framework provides. @identicon Ending the user's session when they close their browser is up to the browser, not the server. You can tell the browser to end the session by setting `SESSION_EXPIRE_AT_BROWSER_CLOSE = True` in `settings.py`. If you want to enforce this you need to have the client ping an endpoint on your server once in a while, and when they stop pinging you invalidate the session in the database. – Jessie Jun 21 '18 at 17:50
  • ok if we store username in session in client side if user changes it how are we going to authorize it we need something to be stored in server side – identicon Jun 21 '18 at 17:52
  • i found what i needed gavinballard.com/associating-django-users-sessions – identicon Jun 21 '18 at 18:23

1 Answers1

0

I found what i needed http://gavinballard.com/associating-django-users-sessions/ its by creating a custom model extending the default one.

identicon
  • 61
  • 1
  • 6