I have a Web service written in Flask. User A uses some username to log in to the service. I want it to be impossible for user B to log in using the same username, until user A's session is expired. In other words, I want to disable concurrent, simultaneous logins per user. How do I do that in Flask-Login?
What you need to do is store some sort of session token in your User model in the database.
class User(db.Model):
....
session_token = db.Column(db.String(40), index=True)
When a user logs in, you generate the session token and save it in the database.
Update your User.get_id
function to return the session token instead of the user ID.
def get_id(self):
return str(self.session_token)
In your user_loader
callback you look up the user based on the token:
@lm.user_loader
def load_user(session_token):
return User.query.filter_by(session_token=session_token).first()
With this setup, the token will be updated on each login, which will automatically invalidate the previous sessions.
Documentation
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With