- Setting up a django server
$ virtualenv -p python3 venv
$ source venv/bin/activate
$ pip install -r requirements.txt
$ python manage.py makemigrations
$ python manage.py migrate
- Create a superuser with username and mobile number of the superuser as password for accessing the API doc
$ python manage.py createsuperuser
- Run the django development server
$ python manage.py runserver
- Visit the API documentation to view all the end points
-
Custom model
UserSessionsdefined to store the sessions details like client-ip,client-agent,etc along with is_active attribute that determines if the session is active. -
When a user logs in the signal
user_logged_in_handlerinvalidates all the old active sessions of the user and creates a new valid session. -
When a user logs out the signal
user_logged_out_handleinvalidates the current session by updatingis_active=False. -
To test if the user is operating the same account on multiple devices, a custom permission
ValidSessionPermissionis defined which returnsFalseif the current session's attributeis_active=False.
- Create a user with username and mobile number
- Login with that username and password on two different browsers simultaneously and visit this link.
- An
HTTP 403response is encountered on the browser that logged in first and has older concurrent session with error message{"detail": "There is already another session up and running, please logout and login again.}"
-
Login as a superuser and visit either the docs or directly visit http:https://localhost:8000/users/session/{mobile_number} with the users mobile number in place of {mobile_number} in the url.
-
To see a detailed list of user sessions visit the docs or http:https://localhost:8000/users/session/{mobile_number}/v with mobile number of the user in place of {mobile_number of the user}