Re: ANN: django-otp and friends: one-time passwords and trusted agents

I thought about that and I didn't like that it logged them in if they failed the OTP token. I'll probably use it for now.

The only reason being I want them to do it in a single "attempt session". If they login half way and leave for a couples minutes I want them to supply the regular login credentials again. In other words I'm not comfortable leaving them in the "half way logged in" state.

Although... I bet there's a way to expire users who are two factor enabled that are not validated yet...

How about I wrap the django_otp.views.login with something like:

if not validated:

  if login time too old:

    kill the session

    redirect to login_view

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.