BUG: Concurrent session logout are miss-tracked #1190
Thanks for reporting 👍 One option would be to make a mapping from access log objects to sessions so that the correct sessions can be revoked, as you said. Sessions can also be stored in other session backends so the implementation should be compatible with those. Would you have the opportunity for making a PR for fixing this bug @sevdog?
Sure, as soon as I can find enough time to work on it.
Describe the bug
When there are concurrent sessions held by the same user on different devices, the first which logs out also marks the time on the latter.
To Reproduce
Steps to reproduce the behavior:
`AxesDatabaseHandler` (the default one)
Now every `AccessLog` for that user has the same `logout_time`, even those for which there is still an active session. It is not possible to update access-logs for those records.
django-axes/axes/handlers/database.py
Lines 319 to 321 in fd9d185
Expected behavior
Every session for a single user should be related to a single `AccessLog`, to enable a correct tracking of the user.
Your environment
python version: 3.10
django version: 4.2
django-axes version:
Operating system: Linux
Possible implementation
It would be advisable to have another optional field on `AccessLog` which can be a digest of the current session-id.
This could also be used as a method to detect whenever an access "expires" without log-off.
The reason for not using a FK to session is:
`username` is not a real FK to user but just a simple column
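The behaviour reported above next to the session-digest idea from "Possible implementation", as an added example that is not django-axes code and not part of the original issue. It uses `sqlite3` in place of the Django ORM; the table `access_log`, the column `session_hash` and all function names are hypothetical, and the sample rows are constructed.

```python
import hashlib
import sqlite3

def session_digest(session_key: str) -> str:
    """Digest of the session key; the raw key is never written to the log table."""
    return hashlib.sha256(session_key.encode()).hexdigest()

def make_log(sessions):
    """Constructed stand-in for the access log table: one row per login."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE access_log (id INTEGER PRIMARY KEY, username TEXT, "
               "session_hash TEXT, logout_time TEXT)")
    db.executemany("INSERT INTO access_log (username, session_hash) VALUES (?, ?)",
                   [(user, session_digest(key)) for user, key in sessions])
    return db

def logout_by_username(db, username, when):
    """Behaviour from the report: every open row of the user is closed."""
    cur = db.execute("UPDATE access_log SET logout_time = ? "
                     "WHERE username = ? AND logout_time IS NULL", (when, username))
    return cur.rowcount

def logout_by_session(db, username, session_key, when):
    """Proposed behaviour: only the row of the session that logged out is closed."""
    cur = db.execute("UPDATE access_log SET logout_time = ? "
                     "WHERE username = ? AND session_hash = ? AND logout_time IS NULL",
                     (when, username, session_digest(session_key)))
    return cur.rowcount

def open_sessions(db, username):
    """Number of rows for the user that still have no logout_time."""
    return db.execute("SELECT COUNT(*) FROM access_log "
                      "WHERE username = ? AND logout_time IS NULL",
                      (username,)).fetchone()[0]

# Constructed sample: alice is logged in on two devices, bob on one.
SAMPLE = [("alice", "key-laptop"), ("alice", "key-phone"), ("bob", "key-desktop")]

if __name__ == "__main__":
    when = "2024-01-01T10:00:00"  # constructed timestamp
    db = make_log(SAMPLE)
    print("by username:", logout_by_username(db, "alice", when),
          "closed, still open:", open_sessions(db, "alice"))
    db = make_log(SAMPLE)
    print("by session: ", logout_by_session(db, "alice", "key-laptop", when),
          "closed, still open:", open_sessions(db, "alice"))
```

Rows that keep an empty `logout_time` after their session has ended are the "expired without log-off" case the issue mentions.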