Created
February 13, 2012 17:08
-
-
Save playpauseandstop/1818351 to your computer and use it in GitHub Desktop.
Logout all active Django sessions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import datetime | |
| from django.conf import settings | |
| from django.contrib.auth import logout | |
| from django.contrib.auth.models import User | |
| from django.contrib.sessions.models import Session | |
| from django.http import HttpRequest | |
| from django.utils.importlib import import_module | |
| def init_session(session_key): | |
| """ | |
| Initialize same session as done for ``SessionMiddleware``. | |
| """ | |
| engine = import_module(settings.SESSION_ENGINE) | |
| return engine.SessionStore(session_key) | |
| def main(): | |
| """ | |
| Read all available users and all available not expired sessions. Then | |
| logout from each session. | |
| """ | |
| now = datetime.datetime.now() | |
| request = HttpRequest() | |
| sessions = Session.objects.filter(expire_date__gt=now) | |
| users = dict(User.objects.values_list('id', 'username')) | |
| print('Found %d not-expired session(s).' % len(sessions)) | |
| for session in sessions: | |
| username = session.get_decoded().get('_auth_user_id') | |
| request.session = init_session(session.session_key) | |
| logout(request) | |
| print(' Successfully logout %r user.' % username) | |
| print('All OK!') | |
| if __name__ == '__main__': | |
| main() |
Secondly, line 28,
users = dict(User.objects.values_list('id', 'username')), isn't used anywhere. I assume the intention was to have line 33user_id = session.get_decoded().get('_auth_user_id')and replace line 37 withprint('Successfully logout %s user.' % users[user_id]).
users[int(user_id)] # need to cast to int
Also, don't forget to swap the user model out, if User is not what you use.
We can use this code if we need to logout specific User
class User(Model):
last_logout = models.DateTimeField(null=True, blank=True)
def get_session_auth_hash(self):
"""
Repeating base method logic here, but adding last_logout if its not None
In case if last_logout changes all User's sessions will expire
"""
key_salt = "django.contrib.auth.models.AbstractBaseUser.get_session_auth_hash"
value = f"{self.password}"
if self.last_logout is not None:
value = f"{value}{self.last_logout}"
return salted_hmac(key_salt, value).hexdigest()
def logout(self):
self.logout = datetime.now()
self.save()
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
from importlib import import_module