Tor*_*ger 16 python django django-authentication django-sessions
我们的Django部署每晚都会检查哪些活动用户仍然可以在LDAP目录中找到.如果找不到它们,我们将它们设置为不活动状态.如果他们下次尝试登录,则会失败.这是我们的代码,它执行此操作:
def synchronize_users_with_ad(sender, **kwargs):
"""Signal listener which synchronises all active users without a usable
password against the LDAP directory. If a user cannot be
found anymore, he or she is set to “inactive”.
"""
ldap_connection = LDAPConnection()
for user in User.objects.filter(is_active=True):
if not user.has_usable_password() and not existing_in_ldap(user):
user.is_active = user.is_staff = user.is_superuser = False
user.save()
user.groups.clear()
user.user_permissions.clear()
maintain.connect(synchronize_users_with_ad)
但如果他们仍然登录,则此会话仍然有效.我们怎样才能立即使它们无效?会话中间件的所有设置都是默认值.
小智 14
您可以使用它们注销
from django.contrib.auth import logout
if <your authentication validation logic>:
logout(request)
......在任何视图中.