Full documentation





class session_security.views.PingView(**kwargs)[source]

View to update the last activity date time and get it.

Constructor. Called in the URLconf; can contain helpful extra keyword arguments, and other things.

get(request, *args, **kwargs)[source]

Return the number of seconds since last activity. Also, update session’s last activity if sinceActivity GET argument is passed and superior to 0.

  • Use the sinceActivity and request.session['session_security']['last_activity'] to calculate the last activity on the client (javascript), and on the server (django).
  • If the client reports a later last activity, then the session’s last activity variable is updated according to the client.
  • Return the time since the last activity. Note that if the user generates activity in a browser tab, but not in the other, both will have the real last activity time because of this approach.

To just query the actual last activity, let sinceActivity inferior to 0.



{% load i18n %}

<div id="session_security_warning" class="session_security" style="display:none">
    <div class="session_security_overlay"></div>
    <div class="session_security_modal">
        <h3>{% trans 'Your session is about to expire' %}</h3>
        <p>{% trans 'Click to extend your session.' %}</p>


{% comment %}
This demonstrates how to setup session security client side stuff on your own.
It provides sensible defaults so you could start with just::

    {% include 'session_security/all.html' %}

{% endcomment %}

{% load i18n %}
{% load url from future %}

{# If the user is not authenticated then there is no session to secure ! #}
{% if request.user.is_authenticated %}

    {# The modal dialog stylesheet, it's pretty light so it should be easy to hack #}
    <link rel="stylesheet" type="text/css" href="{{ STATIC_URL }}session_security/style.css"></link>

    {# Include the template that actually contains the modal dialog #}
    {% include 'session_security/dialog.html' %}

    {# Load SessionSecurity javascript 'class', jquery should be loaded - by you - at this point #}
    <script type="text/javascript" src="{{ STATIC_URL }}session_security/script.js"></script>

    {% csrf_token %}

    {# Bootstrap a SessionSecurity instance as the sessionSecurity global variable #}
    <script type="text/javascript">
    var sessionSecurity = new SessionSecurity();

    {# Merge our settings to the sessionSecurity instance, again you can override any method/attribute #}
    sessionSecurity = $.extend({
        LOGIN_URL: '{{ request.session.session_security.LOGIN_URL }}',
        LOGOUT_URL: '{{ request.session.session_security.LOGOUT_URL }}',
        EXPIRE_AFTER: {{ request.session.session_security.EXPIRE_AFTER }},
        WARN_AFTER: {{ request.session.session_security.WARN_AFTER }},
        pingUrl: '{% url 'session_security_ping' %}',
        token: $('input[name=csrfmiddlewaretoken]').val(),
    }, sessionSecurity);
    {# Initialize timeouts and events, don't wait for document.ready to reduce clock skews #}
{% endif %}

Static files


Read the script documentation


/* credit: http://www.csslab.cl/2008/01/30/ventana-modal-solo-con-css/ */
.session_security_overlay {
    position: absolute;
    top: 0;
    left: 0;
    width: 100%;
    height: 100%;
    background: #000;
    -moz-opacity: 0.75;
    filter: alpha(opacity=75);

.session_security_modal {
    position: absolute;
    top: 25%;
    left: 25%;
    width: 50%;
    padding: 16px;
    background: #fff;
    color: #333;
    overflow: auto;
    text-align: center;