Welcome to django-session-security’s documentation!¶
This app provides a mechanism to logout inactive authenticated users. An inactive browser should be logged out automatically if the user left his workstation, to protect sensitive data that may be displayed in the browser. It may be useful for CRMs, intranets, and such projects.
For example, if the user leaves for a coffee break, this app can force logout after say 5 minutes of inactivity.
Why not just set the session to expire after X minutes ?¶
Or “Why does this app even exist” ? Here are the reasons:
- if the user session expires before the user is done reading a page: he will have to login again.
- if the user session expires before the user is done filling a form: his work will be lost, and he will have to login again, and probably yell at you, dear django dev ... at least I know I would !
This app allows to short circuit those limitations in session expiry.
How does it work ?¶
When the user loads a page, SessionSecurity middleware will set the last
activity to now. The last activity is stored as datetime
request.session['_session_security']. To avoid having the middleware
update that last activity datetime for a URL, add the url to
First, a warning should be shown after
seconds. The warning displays a text like “Your session is about to expire,
move the mouse to extend it”.
Before displaying this warning, SessionSecurity will upload the time since the last client-side activity was recorded. The middleware will take it if it is shorter than what it already has - ie. another more recent activity was detected in another browser tab. The PingView will respond with the number of seconds since the last activity - all browser tab included.
Same goes to expire after
more recent activity was not detected anywhere else - in any other browser tab.
- Python 2.7 or 3.5+
- jQuery 1.7+
- Django 1.8 to 2.0
- django.contrib.staticfiles or #YoYo
You could subscribe to the mailing list ask questions or just be informed of package updates.
- Git graciously hosted by GitHub,
- Documentation graciously hosted by RTFD,
- Package graciously hosted by PyPi,
- Mailing list graciously hosted by Google
- For Security issues, please contact email@example.com
- Continuous integration graciously hosted by Travis-ci