How does one enforce automatic logout due to inactivity in a Django application?

django django-sessions
dangerChihuahua007 picture dangerChihuahua007 · Apr 22, 2012 · Viewed 12.7k times · Source

In my Django application, I would like for the user to be automatically logged out after 30 minutes of inactivity, so I used this setting in settings.py:

SESSION_COOKIE_AGE = 1800

However, using this setting logs the user out in 30 minutes regardless of activity. How does one enforce automatic logout due to inactivity in a Django application?

Answer

jpic picture jpic · May 19, 2012

django-session-security notes the user activity based on server side and javascript events such as mousemove, keypress, etc, etc ... Also, it warns the user before expiring the session, and tries not to expire the session (where there any activity maybe from another browser tab ?).

Just install it and set settings.SESSION_SECURITY_EXPIRE_AFTER=1800. You could also set settings.SESSION_SECURITY_WARN_AFTER=1740.

Related questions

How to clear all session variables without getting logged out

I am trying to clear all of the session variables but not logout the current user. user = request.session.get('member_id', None) request.session.flush() request.session.modified = True request.session['member_id'] = user request.session.modified = True Will …

Read More
Django: setting a session and getting session key in same view

I want to store some things in a database, and am using the current session as a foreign key: from models.py class Visited(models.Model): session = models.ForeignKey(Session) page = models.ForeignKey(Page) times_visited = models.PositiveIntegerField() ip_address = …

Read More
Django, SESSION_COOKIE_DOMAIN with multiple domains

In Django, I have SESSION_COOKIE_DOMAIN set to my domain name. But I would actually like to run the same site with two different domain names. With SESSION_COOKIE_DOMAIN set, only the named domain allows the user to …

Read More