Prevent multiple logins from the same user using the same login credentials


Accessorize Withwah

Sep 30, 2019, 5:12:13 AM
to web2py-users
Is there a way to prevent a user from logging into my application multiple times maybe using different devices or from different locations?
I came across some information somewhere that one could use check_client=True, I'm just not sure how it works & if it can help me achieve my task.

Thank you

WaH

Dave S

Oct 2, 2019, 4:38:41 AM
to web2py-users
I think that the last time this came up, it was recommended to set a flag in an auth extra field, and to check that flag. It sounds like you only need to check on login, unless you want to prevent multiple tabs from one browser, which would require the post to include more information.

The check_client setting doesn't ring any bells, and there doesn't seem to be anything in the book about it. However, search the archives of the group. (I would be skeptical of any post from before 2016, though, because of the evolution of web2py.)

/dps

Massimo Di Pierro

Oct 3, 2019, 11:49:07 PM
to web2py-users
There is no client_check in the web2py code base. Maybe that was a proposal to prevent sharing a session token. Do not remember.
It is easy to do anyway. Try:

import datetime
# extra auth_user column recording when the user last logged in
auth.settings.extra_fields['auth_user'] = [Field('last_login', 'datetime')]
# on login validation: set a form error if last_login is set and older than 15 minutes
auth.settings.login_onvalidation.append(lambda form: db(db.auth_user.email==form.vars['email'])(db.auth_user.last_login<request.now-datetime.timedelta(minutes=15)).count() and form.errors.update({'email': 'already logged in more than 15 mins ago'}))
# stamp last_login on a successful login, clear it again on logout
auth.settings.login_onaccept.append(lambda form: db(db.auth_user.id==form.user['id']).update(last_login=request.now))
auth.settings.logout_onlogout = lambda user: db(db.auth_user.id==user['id']).update(last_login=None)

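The flag-in-an-extra-field approach discussed in this thread, modelled outside web2py with sqlite3 as an added example (not code from any poster or from web2py). It assumes the last_login flag is treated as a lock that expires after 15 minutes without activity, so a user who closes the browser without logging out is not locked out for good; that expiry rule and the names try_login, touch, logout and make_db are assumptions of this example, not the condition in the snippet posted above.

```python
import sqlite3
from datetime import datetime, timedelta

# Assumed idle window; the "15 mins" figure comes from the thread.
STALE_AFTER = timedelta(minutes=15)

def make_db():
    """In-memory stand-in for auth_user with the extra last_login field."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_user ("
               "id INTEGER PRIMARY KEY, email TEXT UNIQUE, last_login TEXT)")
    # Constructed sample user.
    db.execute("INSERT INTO auth_user (email) VALUES ('wah@example.com')")
    db.commit()
    return db

def try_login(db, email, now):
    """Claim the single session slot; False if another session is still live."""
    cutoff = (now - STALE_AFTER).isoformat()
    # One UPDATE does check-and-set atomically, so two simultaneous
    # logins for the same account cannot both pass the check.
    cur = db.execute(
        "UPDATE auth_user SET last_login = ? "
        "WHERE email = ? AND (last_login IS NULL OR last_login < ?)",
        (now.isoformat(), email, cutoff))
    db.commit()
    return cur.rowcount == 1

def touch(db, email, now):
    """Refresh the flag on each authenticated request of the live session."""
    db.execute("UPDATE auth_user SET last_login = ? WHERE email = ?",
               (now.isoformat(), email))
    db.commit()

def logout(db, email):
    """Clear the flag so the next login succeeds immediately."""
    db.execute("UPDATE auth_user SET last_login = NULL WHERE email = ?",
               (email,))
    db.commit()

if __name__ == "__main__":
    db = make_db()
    t0 = datetime(2019, 10, 3, 12, 0, 0)  # constructed timestamps
    print(try_login(db, "wah@example.com", t0))                          # first device
    print(try_login(db, "wah@example.com", t0 + timedelta(minutes=5)))   # second device
    print(try_login(db, "wah@example.com", t0 + timedelta(minutes=16)))  # flag expired
```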