Issue with Django-axes

[Arun S]

Hi,

i am using django-axes package and want to lock out a user based on userid.

Now there is an issue that the user gets locked out from one IP, but the same user can still login from a different IP successfully.
Which negates the whole use of a security requirement of locking a particular user for a period of time.

I read at mulitple places that there is an issue with the axes package itself.

Is there  any middleware that can be used with Django which can handle this situation.


Cheers
Arun.

[Babatunde Akinyanmi]

I think the only way you will be able to uniquely identify a computer is by using a "permanent"  cookie. I find such practice very very intrusive and it's something I will personally not do. 

Meanwhile, IP addresses, cookies and the likes are good to identify computers not users. If you really want to identify a user, you will have to make them log in. 

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/0913a3c8-7dd4-42cf-8524-c638ac26af38%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Melvyn Sopacua]

On Monday 06 March 2017 01:51:13 Arun S wrote:

 

> i am using django-axes package and want to lock out a user based on

> userid.

 

If you want to deactivate the account, then do so.

"The login_required decorator does NOT check the is_active flag on a user, but the default AUTHENTICATION_BACKENDS reject inactive users."

 

From the docs.

--

Melvyn Sopacua