Question

I have a Web service written in Flask. User A uses some username to log in to the service. I want it to be impossible for user B to log in using the same username, until user A's session is expired. In other words, I want to disable concurrent, simultaneous logins per user. How do I do that in Flask-Login?

Solution

What you need to do is store some sort of session token in your User model in the database.

class User(db.Model):
    # ... other columns ...
    # Per-login token; indexed because user_loader looks users up by it
    session_token = db.Column(db.String(40), index=True)

When a user logs in, you generate the session token and save it in the database.

Update your User.get_id function to return the session token instead of the user ID.

def get_id(self):
    # Flask-Login stores this value in the session instead of the user ID
    return str(self.session_token)

In your user_loader callback you look up the user based on the token:

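@lm.user_loader  # lm is the application's LoginManager instance
def load_user(session_token):
    # Returns None when the token no longer matches any user
    return User.query.filter_by(session_token=session_token).first()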

With this setup, the token will be updated on each login, which will automatically invalidate the previous sessions.
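A framework-free model of the token rotation described in this answer, added here as an illustration and not part of the original answer. The `login` and `logout` helpers, the in-memory `USERS` store and the use of `secrets.token_hex(20)` to fill the 40-character column are assumptions.

```python
import secrets


class User:
    """Stand-in for the User model; session_token mirrors the String(40) column."""

    def __init__(self, username):
        self.username = username
        self.session_token = None  # NULL until the first login

    def get_id(self):
        # str(None) would put the literal "None" into the session, so refuse
        # to hand out an id for a user that has no token yet.
        if self.session_token is None:
            raise ValueError("user has no active session token")
        return self.session_token


USERS = {}  # constructed in-memory store: username -> User


def login(username):
    """Rotate the token on each successful login; return the new session id."""
    user = USERS.setdefault(username, User(username))
    user.session_token = secrets.token_hex(20)  # 40 hex chars from the CSPRNG
    return user.get_id()


def logout(username):
    """Clear the token so the old cookie value no longer resolves to a user."""
    USERS[username].session_token = None


def load_user(session_token):
    """Same contract as the user_loader callback: return the user or None."""
    if not session_token:
        return None  # an empty value must never match users whose token is NULL
    for user in USERS.values():
        token = user.session_token
        if token is not None and secrets.compare_digest(
            token.encode(), session_token.encode()
        ):
            return user
    return None
```

Calling `login` twice for the same username leaves only the second token resolvable through `load_user`; the first session's value then returns `None`.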

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow