In my Django application, I would like for the user to be automatically logged out after 30 minutes of inactivity, so I used this setting in settings.py:
在我的Django应用程序中,我希望用户在30分钟不活动后自动注销,所以我在settings.py中使用了这个设置:
SESSION_COOKIE_AGE = 1800
However, using this setting logs the user out in 30 minutes regardless of activity. How does one enforce automatic logout due to inactivity in a Django application?
但是,使用此设置会在30分钟内将用户注销,而不管活动如何。由于Django应用程序中的不活动,如何强制执行自动注销?
3 个解决方案
#1
2
You could update the session of an user when he accesses your site. For example in a middleware, this force session to be set again.
您可以在访问您的站点时更新用户的会话。例如,在中间件中,此强制会话将再次设置。
class ActivateUser(object):
def process_request(self, request):
if request.user.is_authenticated():
request.session.modified = True
#2
2
django-session-security notes the user activity based on server side and javascript events such as mousemove, keypress, etc, etc ... Also, it warns the user before expiring the session, and tries not to expire the session (where there any activity maybe from another browser tab ?).
django-session-security注意基于服务器端的用户活动和javascript事件,如mousemove,keypress等等。此外,它会在会话到期之前警告用户,并尝试不使会话到期(其中有任何活动可能来自另一个浏览器标签?)。
Just install it and set settings.SESSION_SECURITY_EXPIRE_AFTER=1800
. You could also set settings.SESSION_SECURITY_WARN_AFTER=1740
.
只需安装它并设置settings.SESSION_SECURITY_EXPIRE_AFTER = 1800。您还可以设置settings.SESSION_SECURITY_WARN_AFTER = 1740。
#3
1
As an update on this topic. Django now has this setting which makes it a lot easier.
作为此主题的更新。 Django现在有这个设置,这使它更容易。
#1
2
You could update the session of an user when he accesses your site. For example in a middleware, this force session to be set again.
您可以在访问您的站点时更新用户的会话。例如,在中间件中,此强制会话将再次设置。
class ActivateUser(object):
def process_request(self, request):
if request.user.is_authenticated():
request.session.modified = True
#2
2
django-session-security notes the user activity based on server side and javascript events such as mousemove, keypress, etc, etc ... Also, it warns the user before expiring the session, and tries not to expire the session (where there any activity maybe from another browser tab ?).
django-session-security注意基于服务器端的用户活动和javascript事件,如mousemove,keypress等等。此外,它会在会话到期之前警告用户,并尝试不使会话到期(其中有任何活动可能来自另一个浏览器标签?)。
Just install it and set settings.SESSION_SECURITY_EXPIRE_AFTER=1800
. You could also set settings.SESSION_SECURITY_WARN_AFTER=1740
.
只需安装它并设置settings.SESSION_SECURITY_EXPIRE_AFTER = 1800。您还可以设置settings.SESSION_SECURITY_WARN_AFTER = 1740。
#3
1
As an update on this topic. Django now has this setting which makes it a lot easier.
作为此主题的更新。 Django现在有这个设置,这使它更容易。