Full documentation¶
Settings¶
Middleware¶
Urls¶
Views¶
-
class
session_security.views.PingView(**kwargs)[source]¶ View to update the last activity date time and get it.
Constructor. Called in the URLconf; can contain helpful extra keyword arguments, and other things.
-
get(request, *args, **kwargs)[source]¶ Return the number of seconds since last activity. Also, update session’s last activity if
sinceActivityGET argument is passed and superior to 0.- Use the
sinceActivityandrequest.session['session_security']['last_activity']to calculate the last activity on the client (javascript), and on the server (django). - If the client reports a later last activity, then the session’s last activity variable is updated according to the client.
- Return the time since the last activity. Note that if the user generates activity in a browser tab, but not in the other, both will have the real last activity time because of this approach.
To just query the actual last activity, let
sinceActivityinferior to 0.- Use the
-
Templates¶
session_security/dialog.html¶
{% load i18n %}
<div id="session_security_warning" class="session_security" style="display:none">
<div class="session_security_overlay"></div>
<div class="session_security_modal">
<h3>{% trans 'Your session is about to expire' %}</h3>
<p>{% trans 'Click to extend your session.' %}</p>
</div>
</div>
session_security/all.html¶
{% comment %}
This demonstrates how to setup session security client side stuff on your own.
It provides sensible defaults so you could start with just::
{% include 'session_security/all.html' %}
{% endcomment %}
{% load i18n %}
{% load url from future %}
{# If the user is not authenticated then there is no session to secure ! #}
{% if request.user.is_authenticated %}
{# The modal dialog stylesheet, it's pretty light so it should be easy to hack #}
<link rel="stylesheet" type="text/css" href="{{ STATIC_URL }}session_security/style.css"></link>
{# Include the template that actually contains the modal dialog #}
{% include 'session_security/dialog.html' %}
{# Load SessionSecurity javascript 'class', jquery should be loaded - by you - at this point #}
<script type="text/javascript" src="{{ STATIC_URL }}session_security/script.js"></script>
{% csrf_token %}
{# Bootstrap a SessionSecurity instance as the sessionSecurity global variable #}
<script type="text/javascript">
var sessionSecurity = new SessionSecurity();
{# Merge our settings to the sessionSecurity instance, again you can override any method/attribute #}
sessionSecurity = $.extend({
LOGIN_URL: '{{ request.session.session_security.LOGIN_URL }}',
LOGOUT_URL: '{{ request.session.session_security.LOGOUT_URL }}',
EXPIRE_AFTER: {{ request.session.session_security.EXPIRE_AFTER }},
WARN_AFTER: {{ request.session.session_security.WARN_AFTER }},
pingUrl: '{% url 'session_security_ping' %}',
token: $('input[name=csrfmiddlewaretoken]').val(),
}, sessionSecurity);
{# Initialize timeouts and events, don't wait for document.ready to reduce clock skews #}
sessionSecurity.initialize();
</script>
{% endif %}
Static files¶
session_security/script.js¶
Read the script documentation
session_security/style.css¶
/* credit: http://www.csslab.cl/2008/01/30/ventana-modal-solo-con-css/ */
.session_security_overlay {
position: absolute;
top: 0;
left: 0;
width: 100%;
height: 100%;
background: #000;
z-index:1001;
opacity:.75;
-moz-opacity: 0.75;
filter: alpha(opacity=75);
}
.session_security_modal {
position: absolute;
top: 25%;
left: 25%;
width: 50%;
padding: 16px;
background: #fff;
color: #333;
z-index:1002;
overflow: auto;
text-align: center;
}