DEV Community

loading...

User Control Django Session

ashrafZolkopli
Full stack dev to be, Using this platform to share and also document my 100 days coding challenge.
・3 min read

Preface

In the last part of the Series, We made its so that our staff user can only have one user session at one time, however in the last series I decided not implement the session control towards normal user. For normal user I would prefer to display a list of all the session each user had, so that they can manually kill their session.

Going with this idea, I would now use a library called django-user-sessions. This library will display the list of user active session have the ability to kill all his/her session.

image
[courtesy of django-user-session]

Installation

Among all the post that I have been writing previously, most library are quick and easy in terms of installing and usage. However django-user-sessions package depends on GeoIP library. GeoIP library require a huge databased provided from Maxmind. You would need to navigate to a geolite2 page, register and download 2 files name GeoLite2-Country.mmdb.gz and GeoLite2-City.mmdb.gz as per instruction

image

Once your have the files, unzip the folder, copy and paste in your working environment like so

image

now lets install the GeoIP library and set the path directory

pipenv install geoip2
pipenv lock -r > requirements.txt
Enter fullscreen mode Exit fullscreen mode

and in your settings add this line

# GeoIP2 settings
# https://docs.djangoproject.com/en/3.2/ref/contrib/gis/geoip2/
GEOIP_PATH = BASE_DIR.joinpath("GeoIP")
Enter fullscreen mode Exit fullscreen mode

Now you should be able to use any package that require translation between IP to Geolocation

Installing django-user-session

lets now first install the library

pipenv install django-user-sessions
pipenv lock -r > requirements.txt
Enter fullscreen mode Exit fullscreen mode

now for something a bit controversial:

1) Replacing 'django.contrib.sessions' with 'user_sessions' in your INSTALLED_APP in your settings.py file

INSTALLED_APPS = [
    # ...
    # 'django.contrib.sessions',

    # Django-user-sessions
    'user_sessions'
    # ...
]
Enter fullscreen mode Exit fullscreen mode

2) Replacing your 'django.contrib.sessions.middleware.SessionMiddleware' with 'user_sessions.middleware.SessionMiddleware' in your MIDDLEWARE in your settings.py file

MIDDLEWARE = [
    # ...
    # 'django.contrib.sessions.middleware.SessionMiddleware',

    # Django-user-sessions
    'user_sessions.middleware.SessionMiddleware',
    # ...
]
Enter fullscreen mode Exit fullscreen mode

3) Add UserSession url in your urls.py file

from django.contrib import admin
from django.urls import path, include

urlpatterns = [
    path('admin/', admin.site.urls),
    path('', include('user_sessions.urls', 'user_sessions')),
]
Enter fullscreen mode Exit fullscreen mode

4) Setting the LOGOUT_REDIRECT_URL in settings.py file

# Common Django Settings
LOGOUT_REDIRECT_URL = '/'

Enter fullscreen mode Exit fullscreen mode

5) we can now do a make migrations and also migrate with the following command in your terminal:

python manage.py makemirgations 
python manage.py migrate
Enter fullscreen mode Exit fullscreen mode

6) If step 5 cause you some issue such as migrations conflict add the following line in your settings.py

SILENCED_SYSTEM_CHECKS = ['admin.E410']
Enter fullscreen mode Exit fullscreen mode

7) This step is optional if you are working from behind a reverse proxy such as Nginx,

a) install django-xforwardedfor-middleware

pipenv install django-xforwardedfor-middleware==2.0
pipenv lock -r > requirements.txt
Enter fullscreen mode Exit fullscreen mode

2) In your settings.py file, in your MIDDLEWARE add the following

MIDDLEWARE = [
    # ...
    # django-xforwardedfor-middleware
    # https://github.com/allo-/django-xforwardedfor-middleware
    'x_forwarded_for.middleware.XForwardedForMiddleware',
    # ...
]
Enter fullscreen mode Exit fullscreen mode

End

By completing the steps listed here, the user of your web app can now maintain on their own from which platform his/her have active session and kill the session if needed.

Discussion (0)