Django: signal when user logs in?

Question

In my Django app, I need to start running a few periodic background jobs when a user logs in and stop running them when the user logs out, so I am looking for an elegant way

Answer 1

One option might be to wrap Django's login/logout views with your own. For example:

from django.contrib.auth.views import login, logout

def my_login(request, *args, **kwargs):
    response = login(request, *args, **kwargs)
    #fire a signal, or equivalent
    return response

def my_logout(request, *args, **kwargs):
    #fire a signal, or equivalent
    return logout(request, *args, **kwargs)

You then use these views in your code rather than Django's, and voila.

With regards to querying login status, it's pretty simple if you have access to the request object; simply check request's user attribute to see if they're a registered user or the anonymous user, and bingo. To quote the Django documentation:

if request.user.is_authenticated():
    # Do something for logged-in users.
else:
    # Do something for anonymous users.

If you don't have access to the request object, then determining if the current user is logged in is going to be difficult.

Edit:

Unfortunately, you'll never be able to get User.is_logged_in() functionality - it's a limitation of the HTTP protocol. If you make a few assumptions, however, you might be able to get close to what you want.

First, why can't you get that functionality? Well, you can't tell the difference between someone closing the browser, or someone spending a while on a page before fetching a new one. There's no way to tell over HTTP when someone actually leaves the site or closes the browser.

So you have two options here that aren't perfect:

1. Use Javascript's unload event to catch when a user is leaving a page. You'd have to write some careful logic to make sure you aren't logging out a user when they're still navigating your site, however.
2. Fire the logout signal whenever a user logs in, just to be sure. Also create a cron job that runs fairly often to flush out expired sessions -- when an expired session is deleted, check that the session's user (if it's not anonymous) has no more active sessions, in which case you fire the logout signal.

These solutions are messy and not ideal, but they're the best you can do, unfortunately.

Answer 2

In addition to @PhoebeB answer: you can also use @receiver decorator like this:

from django.contrib.auth.signals import user_logged_in
from django.dispatch import receiver

@receiver(user_logged_in)
def post_login(sender, user, request, **kwargs):
    ...do your stuff..

And if you put it into signals.py in your app dir, then add this to apps.py:

class AppNameConfig(AppConfig):
    ...
    def ready(self):
        import app_name.signals

Answer 3

The only reliable way (that also detects when the user has closed the browser) is to update some last_request field every time the user loads a page.

You could also have a periodic AJAX request that pings the server every x minutes if the user has a page open.

Then have a single background job that gets a list of recent users, create jobs for them, and clear the jobs for users not present in that list.

Answer 4

Rough idea - you could use middleware for this. This middleware could process requests and fire signal when relevant URL is requested. It could also process responses and fire signal when given action actually succeded.

Answer 5

a quick solution for this would be, in the _ _ init _ _.py of your app place the following code:

from django.contrib.auth.signals import user_logged_in
from django.dispatch import receiver


@receiver(user_logged_in)
def on_login(sender, user, request, **kwargs):
    print('User just logged in....')

Answer 6

Inferring logout, as opposed to having them explicitly click a button (which nobody does), means picking an amount of idle time that equates to "logged out". phpMyAdmin uses a default of 15 minutes, some banking sites use as little as 5 minutes.

The simplest way of implementing this would be to change the cookie-lifetime. You can do this for your entire site by specifying settings.SESSION_COOKIE_AGE. Alternatively, you could change it on a per-user basis (based on some arbitrary set of criteria) by using HttpResponse.setcookie(). You can centralize this code by creating your own version of render_to_response() and having it set the lifetime on each response.