How can auth can be configured or modified to disallow user sessions if the

Question

0

Asked: May 16, 20262026-05-16T01:48:43+00:00 2026-05-16T01:48:43+00:00

How can auth can be configured or modified to disallow user sessions if the

0

How can auth can be configured or modified to disallow user sessions if the user’s IP is not the same IP that he logged in with ?
I really try to protect my Django site from XSS as much as I can. But I never can be sure that I covered all the bases. If worst comes to worst and someone is able to put some XSS in my site, at least this could prevent him from hijacking existing user sessions..

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-16T01:48:44+00:00

Editorial Team

2026-05-16T01:48:44+00:00Added an answer on May 16, 2026 at 1:48 am

In your User model class create an IP field that stores the IP address of the request.

original_ip_address = request.META['REMOTE_ADDR']

then before serving a view simply check the current request with the stored ip:

if request.META['REMOTE_ADDR'] == ip_from_database: `
# Do something
else:
 #redirect to login

you can make the above a function that is always called before anything else in a view.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

How can auth can be configured or modified to disallow user sessions if the

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply