Client and server side session timeout with warnings

Project description

This app provides a mechanism to log out inactive authenticated users. An inactive browser should be logged out automatically if the user has left his workstation, to protect sensitive data that may be displayed in the browser. It may be useful for CRMs, intranets, and similar projects.

For example, if the user leaves for a coffee break, this app can force a logout after, say, 5 minutes of inactivity.

Why not just set the session to expire after X minutes?

Or “Why does this app even exist”? Here are the reasons:

  • if the user session expires before the user is done reading a page, he will have to log in again.

  • if the user session expires before the user is done filling in a form, his work will be lost, and he will have to log in again, and probably yell at you, dear Django dev … at least I know I would!

This app lets you work around those limitations of session expiry.

How does it work?

When the user loads a page, the SessionSecurity middleware will set the last activity to now. The last activity is stored as a datetime in request.session['_session_security']. To avoid having the middleware update that last activity datetime for a URL, add the URL to settings.SESSION_SECURITY_PASSIVE_URLS.

When the user moves the mouse, clicks, scrolls or presses a key, SessionSecurity will save the DateTime as a JavaScript attribute. It will send the number of seconds since the last user activity was recorded to PingView, the next time it should ping.

First, a warning should be shown after settings.SESSION_SECURITY_WARN_AFTER seconds. The warning displays a text like “Your session is about to expire, move the mouse to extend it”.

Before displaying this warning, SessionSecurity will upload the time since the last client-side activity was recorded. The middleware will take it if it is shorter than what it already has - i.e. another more recent activity was detected in another browser tab. The PingView will respond with the number of seconds since the last activity - all browser tabs included.

If there was no other, more recent, activity recorded by the server, it will show the warning. Otherwise it will update the last activity in JavaScript from the PingView response.

The same goes for expiry after settings.SESSION_SECURITY_EXPIRE_AFTER seconds. JavaScript will first make an AJAX request to PingView to ensure that another more recent activity was not detected anywhere else - in any other browser tab.
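The multi-tab reconciliation described above can be followed step by step in this added example, which is a simplified model and not the project's own code. SessionModel, tab_decision, demo and the two threshold values are assumptions made for illustration; the model also clamps negative client values, which is a choice of this example.

```python
from datetime import datetime, timedelta

WARN_AFTER = 540    # constructed value standing in for SESSION_SECURITY_WARN_AFTER
EXPIRE_AFTER = 600  # constructed value standing in for SESSION_SECURITY_EXPIRE_AFTER


class SessionModel:
    """Hypothetical stand-in for the middleware and PingView pair."""

    def __init__(self, now):
        self.last_activity = now  # what a page load stores in the session

    def page_load(self, now, passive=False):
        # URLs listed as passive do not count as user activity.
        if not passive:
            self.last_activity = now

    def ping(self, now, client_idle_for):
        # Clamp negatives so a ping can never place activity in the future.
        client_idle_for = max(0, int(client_idle_for))
        client_activity = now - timedelta(seconds=client_idle_for)
        # Keep whichever activity is more recent: a stale tab cannot age the session.
        if client_activity > self.last_activity:
            self.last_activity = client_activity
        return int((now - self.last_activity).total_seconds())


def tab_decision(session, now, tab_idle_for):
    """What one tab does after asking the server before warning or expiring."""
    idle = session.ping(now, tab_idle_for)
    if idle >= EXPIRE_AFTER:
        return ("expire", idle)
    if idle >= WARN_AFTER:
        return ("warn", idle)
    return ("ok", idle)  # another tab was active: adopt the server's value


def demo():
    t0 = datetime(2024, 1, 1, 9, 0, 0)  # constructed timeline
    s = SessionModel(t0)
    # (seconds after t0, idle seconds reported by the pinging tab)
    steps = [(530, 30),      # tab B pings, last key press at t0+500
             (540, 540),     # tab A, idle since t0, reaches WARN_AFTER
             (1040, 1040),   # nobody active since t0+500
             (1100, 1100)]
    return [tab_decision(s, t0 + timedelta(seconds=at), idle) for at, idle in steps]
```

In the second step tab A has been idle for 540 seconds on its own clock, yet it shows no warning because the server reports 40 seconds since tab B's activity.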

Requirements

  • Python 2.7 or 3.5+

  • jQuery 1.7+

  • Django 1.8 to 2.0

  • django.contrib.staticfiles or #YoYo

Resources

You could subscribe to the mailing list to ask questions or just be informed of package updates.

Download files

Source Distribution

django-session-security-2.6.7rc1.tar.gz (100.5 kB)

Uploaded Source

Built Distribution

django_session_security-2.6.7rc1-py3-none-any.whl (115.4 kB)

Uploaded Python 3

Hashes for django-session-security-2.6.7rc1.tar.gz
Algorithm Hash digest
SHA256 18e37118f0023e9b3d744fb7c4aa2913723ffbf578070c5312cc52e60fa57679
MD5 2af025d0d712b1a01caaa7d8e25a97be
BLAKE2b-256 95e83fb0ee716edcd596864c86c1538ea90a8218e928e7a998689708cca4c87a

Hashes for django_session_security-2.6.7rc1-py3-none-any.whl
Algorithm Hash digest
SHA256 b379b1bd829647605c599b6e5e0ae5b133bcf59ffae379e173315f43ded8b3cf
MD5 2e65a030f7ac02ec01be546f284979ae
BLAKE2b-256 4e473af1dd5baf063ff11e25fd95fe33992ee80bf368c52a768a11d19a1bf794