4

I need some help to find out how to test if a user is currently logged in or not. I searched online and found that there are solutions for view method to pull out user from request and test it:

if request.user.is_authenticated():

However, in my situation I need something like the following:

user = User.objects.get(id=1)
if user.is_logging_in():
    # do something
else:
    # do something else

Does this kind of functionality exists in Django? Thanks!

Shang Wang
  • 24,909
  • 20
  • 73
  • 94
  • 1
    do you mean while writing unit tests? – Yeray Diaz Jan 15 '14 at 21:02
  • @YerayDiazDiaz: Not in this case but I might need it for the testing in the future. – Shang Wang Jan 15 '14 at 21:04
  • I'm curious about what use-case is behind the question? Coding for "is logged in" can be a challenging concept in typical HTTP based client-server applications. E.g. is_authenticated() tells you whether the requesting user is authenticated but by the time the request hits the server they may have closed the browser window. I've had the same question before but realised I was looking for the wrong thing. – Dwight Gunning Jan 15 '14 at 21:36
  • @dwightgunning: To make it simple, I have a Client table that has m2m relation with django.auth.user. I want to check when a user A is logged out, is there any other users that has the same client as A that are still logged in. – Shang Wang Jan 15 '14 at 22:16

1 Answers1

3

I do not believe that that information exists in a supported manner. My understanding is that the user authentication system uses the SessionMiddleware to store whether the session has an authenticated user associated with it. To clarify, when a user logs in, the session stores data saying that the client on the other side is user such and such.

What you would need to do is go through all the sessions and determine whether or not the session has an associated user and if so, who that user is. As far as I understand, there is no way to iterate through the sessions, but I could be wrong.

From this answer I have found a way that you could achieve the same effect however.

from django.contrib.auth.signals import user_logged_in, user_logged_out

def record_user_logged_in(sender, user, request, **kwargs):
    # Record the user logged in

def record_user_logged_out(sender, user, request, **kwargs):
    # Record the user logged out

user_logged_in.connect(record_user_logged_in)
user_logged_out.connect(record_user_logged_out)

I'll leave it up to you as to how to store the information pertained to logged in/out but a model would be a good way of doing it. I should point out that I don't believe this covers the case of users' credentials timing out (from session timing out).

Also, I have just come across this answer which links here which is a project to track active users. I'm not sure how much overhead it adds, but just thought I'd add it.

Community
  • 1
  • 1
CrazyCasta
  • 26,917
  • 4
  • 45
  • 72
  • Thanks for the answer. I have already had the signal implemented, and I created a field in the database to have a counter to record user login/logout process. However, I'm a little worried about any edge cases for this counter to go wrong. Can you possibly think of any situations? But your answer makes perfect sense and could be helpful to others. Will accept it. – Shang Wang Jan 15 '14 at 22:10
  • @da_zhuang Well, I admit there are probably some edge cases, but if you are concerned about edge cases I think you'll need to be very specific as to what you consider a "logged in user". Are you considering any user to be logged in if it is possible that request.user.is_authenticated() will return True for a given user (without them first logging in of course)? – CrazyCasta Jan 15 '14 at 22:13
  • Well not that complicated :). After my discussion with other team members, we decided to implement forcing users to logout after they are inactive for 5 minutes. – Shang Wang Jan 15 '14 at 22:21
  • How exactly to you plan to "force" them to logout after 5 minutes? – CrazyCasta Jan 15 '14 at 22:22