Electronics & Programming

develissimo

Open Source electronics development and programming

  • You are not logged in.
  • Root
  • » Django
  • » Limit number of concurrent non-admin/non-superuser users [RSS Feed]

#1 Dec. 10, 2010 15:07:24

S.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Limit number of concurrent non-admin/non-superuser users


I'm trying to limit the number of concurrent users attached to my
Django website. For example I need to implement a floating license
system. I've seen a few snippets but so far I think they all implement
a middleware. I'm trying to avoid using a middleware because I don't
want the overhead on every request and because I want to try to limit
this when the user tries to login. I only want to restrict the number
of non-admin and non-superuser users.

I thought I could check all current sessions with expiry times in the
future but this makes the assumption that a session's expiry time will
be set to the current time when the user logs out of when they close
their browser (SESSION_EXPIRE_AT_BROWSER_CLOSE = True). However, my
understanding of the session system was incorrect and this isn't
possible.

Any ideas how this can be implemented?
Thanks

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#2 Dec. 10, 2010 15:45:30

Daniel R.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Limit number of concurrent non-admin/non-superuser users


On Dec 10, 3:07 pm, Stodge <sto...@gmail.com> wrote:
> I'm trying to limit the number of concurrent users attached to my
> Django website. For example I need to implement a floating license
> system. I've seen a few snippets but so far I think they all implement
> a middleware. I'm trying to avoid using a middleware because I don't
> want the overhead on every request and because I want to try to limit
> this when the user tries to login. I only want to restrict the number
> of non-admin and non-superuser users.
>
> I thought I could check all current sessions with expiry times in the
> future but this makes the assumption that a session's expiry time will
> be set to the current time when the user logs out of when they close
> their browser (SESSION_EXPIRE_AT_BROWSER_CLOSE = True). However, my
> understanding of the session system was incorrect and this isn't
> possible.
>
> Any ideas how this can be implemented?
> Thanks

The problem is the stateless nature of HTTP. Between requests, there's
nothing that identifies to the server that the browser is still
'connected', so you can't identify how many people are passively
browsing a page, and how many have turned off their computer or even
just gone to another site.

You're not going to be able to do it without some sort of overhead. I
would suggest something like a bit of Javascript, which pings the
server every 20 seconds or so while the user is on a logged-in page,
to show that it is still active. But that certainly has non-trivial
overhead.
--
DR.

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

#3 Dec. 16, 2010 13:03:45

S.
Registered: 2009-11-02
Reputation: +  0  -
Profile   Send e-mail  

Limit number of concurrent non-admin/non-superuser users


I added an ajax call to log the user out when they close the browser.
It works in Firefox and Chrome but is this an acceptable/safe
practice?

I experimented with

SESSION_SAVE_EVERY_REQUEST=True
SESSION_COOKIE_AGE = 300

which works but I can't guarantee that requests are sent frequently
enough to ensure a user remains logged in. Typically with my site,
requests are sent at least every minute to refresh displayed data.



On Dec 10, 10:45 am, Daniel Roseman <dan...@roseman.org.uk> wrote:
> On Dec 10, 3:07 pm, Stodge <sto...@gmail.com> wrote:
>
>
>
>
>
>
>
>
>
> > I'm trying to limit the number of concurrent users attached to my
> > Django website. For example I need to implement a floating license
> > system. I've seen a few snippets but so far I think they all implement
> > a middleware. I'm trying to avoid using a middleware because I don't
> > want the overhead on every request and because I want to try to limit
> > this when the user tries to login. I only want to restrict the number
> > of non-admin and non-superuser users.
>
> > I thought I could check all current sessions with expiry times in the
> > future but this makes the assumption that a session's expiry time will
> > be set to the current time when the user logs out of when they close
> > their browser (SESSION_EXPIRE_AT_BROWSER_CLOSE = True). However, my
> > understanding of the session system was incorrect and this isn't
> > possible.
>
> > Any ideas how this can be implemented?
> > Thanks
>
> The problem is the stateless nature of HTTP. Between requests, there's
> nothing that identifies to the server that the browser is still
> 'connected', so you can't identify how many people are passively
> browsing a page, and how many have turned off their computer or even
> just gone to another site.
>
> You're not going to be able to do it without some sort of overhead. I
> would suggest something like a bit of Javascript, which pings the
> server every 20 seconds or so while the user is on a logged-in page,
> to show that it is still active. But that certainly has non-trivial
> overhead.
> --
> DR.

--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group athttp://groups.google.com/group/django-users?hl=en.

Offline

  • Root
  • » Django
  • » Limit number of concurrent non-admin/non-superuser users [RSS Feed]

Board footer

Moderator control

Enjoy the 21st of October
PoweredBy

The Forums are managed by develissimo stuff members, if you find any issues or misplaced content please help us to fix it. Thank you! Tell us via Contact Options
Leave a Message
Welcome to Develissimo Live Support