Skip to main content

Django authentication-based session expiration

Project description

A Django application which provides authentication-based session expiration.

To install this application into your project, first add it to your INSTALLED_APPS setting (and run manage.py syncdb):

INSTALLED_APPS = (
    ...
    'django_expire',
)

Next, add the expiration middleware to your MIDDLEWARE_CLASSES setting, placing it after both the session and auth middleware.:

MIDDLEWARE_CLASSES = (
    ...
    'django_expire.middleware.ExpireMiddleware',
)

What it does

For every request by an authenticated user, a check is run to ensure the number of other sessions also belonging to the user does not exceed the allowed maximum.

This maximum defaults to 1, but you can provide a EXPIRE_MAX_USERS setting to override this default (a setting of 0 allows an unlimited amount of users per session).

If a user has exceeded the number of sessions they are allowed, the excessive sessions are removed (effectively logging the user out of these now invalidated sessions).

Logged sessions

A log of each session is stored in the django_expire.models.LoggedSession model.

Invalidated sessions are not removed from the database by default so you can use this model to retrieve login information (for example, date/time and IP address).

Use the EXPIRE_LOG_LIMIT setting to set a limit of expired session logs to retain for each user (you can use 0 to delete expired session logs straight away or None for no limit).

Changing expiration settings per user

The django_expire.signals.expire_check allows you to change the expiration settings at a per-user level.

The signal is sent before any tests are run, along with a settings dictionary containing a single max_users key. Signal handlers may change the value of the dictionary to alter the settings for this user.

An example handler (which is not automatically connected) can be found in django_expire.signals.superuser_handler which demonstrates allowing superusers an unlimited number of sessions.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-expire-1.0.tar.gz (4.0 kB view details)

Uploaded Source

File details

Details for the file django-expire-1.0.tar.gz.

File metadata

  • Download URL: django-expire-1.0.tar.gz
  • Upload date:
  • Size: 4.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for django-expire-1.0.tar.gz
Algorithm Hash digest
SHA256 32b223e1992a569948b914c3482dc059f1ad8f3d36f6d9110ca73ed707ef1748
MD5 5b798cb49f8e092eb197e91c5583ec30
BLAKE2b-256 2f3e66c599c55c4a7ab7ad741cb0d7b991b856770d33c48b1264902e086bd564

See more details on using hashes here.

Provenance

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page