- Setting up a Django server
$ virtualenv -p python3 venv
$ source venv/bin/activate
$ pip install -r requirements.txt
$ python manage.py makemigrations
$ python manage.py migrate
- Create a superuser with a username, using the superuser's mobile number as the password, for accessing the API docs
$ python manage.py createsuperuser
- Run the Django development server
$ python manage.py runserver
- Visit the API documentation to view all the endpoints
- A custom model UserSessions is defined to store session details such as client-ip, client-agent, etc., along with an is_active attribute that determines whether the session is active.
- When a user logs in, the signal user_logged_in_handler invalidates all the old active sessions of the user and creates a new valid session.
- When a user logs out, the signal user_logged_out_handle invalidates the current session by updating is_active=False.
- To test if the user is operating the same account on multiple devices, a custom permission ValidSessionPermission is defined, which returns False if the current session's attribute is_active=False.
- Create a user with username and mobile number
- Log in with that username and password on two different browsers simultaneously and visit this link.
- An HTTP 403 response is encountered on the browser that logged in first and holds the older concurrent session, with the error message {"detail": "There is already another session up and running, please logout and login again."}
- Log in as a superuser and visit either the docs or http://localhost:8000/users/session/{mobile_number} directly, with the user's mobile number in place of {mobile_number} in the URL.
- To see a detailed list of user sessions, visit the docs or http://localhost:8000/users/session/{mobile_number}/v, with the user's mobile number in place of {mobile_number}.
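
The single-active-session behaviour described above (login invalidates older sessions, logout sets is_active=False, the permission check rejects inactive sessions), modelled in plain Python as an added example. This is not the project's Django code: SessionStore, handle_request, demo and the sample keys and addresses are hypothetical.

```python
from dataclasses import dataclass, field

# Error body as quoted in the testing steps above.
DENIED = {"detail": "There is already another session up and running, "
                    "please logout and login again."}

@dataclass
class UserSession:  # stand-in for one row of the UserSessions model
    user: str
    client_ip: str
    client_agent: str
    is_active: bool = True

@dataclass
class SessionStore:  # hypothetical in-memory table keyed by session key
    rows: dict = field(default_factory=dict)

    def user_logged_in(self, user, key, ip, agent):
        # Mirrors user_logged_in_handler: retire the user's old sessions first.
        for row in self.rows.values():
            if row.user == user:
                row.is_active = False
        self.rows[key] = UserSession(user, ip, agent)

    def user_logged_out(self, key):
        # Mirrors the logout signal: only the current session is invalidated.
        if key in self.rows:
            self.rows[key].is_active = False

    def has_valid_session(self, key):
        # Mirrors ValidSessionPermission; unknown keys are denied as well.
        row = self.rows.get(key)
        return row is not None and row.is_active

    def handle_request(self, key):
        if not self.has_valid_session(key):
            return 403, DENIED
        return 200, {"detail": "ok"}

def demo():
    # Constructed sample data: two browsers for alice, one for bob.
    store = SessionStore()
    store.user_logged_in("alice", "key-a", "203.0.113.10", "Firefox")
    store.user_logged_in("alice", "key-b", "203.0.113.20", "Chrome")
    store.user_logged_in("bob", "key-c", "198.51.100.5", "Safari")
    before = [store.handle_request(k)[0]
              for k in ("key-a", "key-b", "key-c", "key-unknown")]
    store.user_logged_out("key-b")
    return before, store.handle_request("key-b")[0]
```
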