How does one enforce automatic logout due to inactivity in a Django application?

dangerChihuahua007 picture dangerChihuahua007 · Apr 22, 2012 · Viewed 12.7k times · Source

In my Django application, I would like for the user to be automatically logged out after 30 minutes of inactivity, so I used this setting in settings.py:

SESSION_COOKIE_AGE = 1800

However, using this setting logs the user out in 30 minutes regardless of activity. How does one enforce automatic logout due to inactivity in a Django application?

Answer

jpic picture jpic · May 19, 2012

django-session-security notes the user activity based on server side and javascript events such as mousemove, keypress, etc, etc ... Also, it warns the user before expiring the session, and tries not to expire the session (where there any activity maybe from another browser tab ?).

Just install it and set settings.SESSION_SECURITY_EXPIRE_AFTER=1800. You could also set settings.SESSION_SECURITY_WARN_AFTER=1740.