Skip to main content

Django authentication-based session expiration

Project description

A Django application which provides authentication-based session expiration.

To install this application into your project, first add it to your INSTALLED_APPS setting (and run manage.py syncdb):

INSTALLED_APPS = (
    ...
    'django_expire',
)

Next, add the expiration middleware to your MIDDLEWARE_CLASSES setting, placing it after both the session and auth middleware.:

MIDDLEWARE_CLASSES = (
    ...
    'django_expire.middleware.ExpireMiddleware',
)

What it does

For every request by an authenticated user, a check is run to ensure the number of other sessions also belonging to the user does not exceed the allowed maximum.

This maximum defaults to 1, but you can provide a EXPIRE_MAX_USERS setting to override this default (a setting of 0 allows an unlimited amount of users per session).

If a user has exceeded the number of sessions they are allowed, the excessive sessions are removed (effectively logging the user out of these now invalidated sessions).

Logged sessions

A log of each session is stored in the django_expire.models.LoggedSession model.

Invalidated sessions are not removed from the database by default so you can use this model to retrieve login information (for example, date/time and IP address).

Use the EXPIRE_LOG_LIMIT setting to set a limit of expired session logs to retain for each user (you can use 0 to delete expired session logs straight away or None for no limit).

Changing expiration settings per user

The django_expire.signals.expire_check allows you to change the expiration settings at a per-user level.

The signal is sent before any tests are run, along with a settings dictionary containing a single max_users key. Signal handlers may change the value of the dictionary to alter the settings for this user.

An example handler (which is not automatically connected) can be found in django_expire.signals.superuser_handler which demonstrates allowing superusers an unlimited number of sessions.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-expire-1.0.1.tar.gz (6.1 kB view details)

Uploaded Source

File details

Details for the file django-expire-1.0.1.tar.gz.

File metadata

File hashes

Hashes for django-expire-1.0.1.tar.gz
Algorithm Hash digest
SHA256 b060ae507ab295912d09ebd2bbc194a0f7e322e618d59342b430dcd4d7a1101a
MD5 283184b8a61c1dc59598ca81f40dc56b
BLAKE2b-256 3c1d74bf4ceae0bed7176694b5c437f105aad79b1481f268a56af03ca3c9dfab

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page