Reputation: 4199
Logging users out of a Django site after N minutes of inactivity
I'm working on a website that requires us to log a user out after N minutes of inactivity. Are there any best practices for this using Django?
Upvotes: 32
Views: 23895
Answers (5)
Reputation: 1
Try install django-auto-logout. you can control downtime
AUTO_LOGOUT = {'IDLE_TIME': 600} # logout after 10 minutes of downtime
visit https://morioh.com/p/eb3e09781dbf
Upvotes: 0
Reputation: 1
On "settings.py", for session expiry time, set SESSION_COOKIE_AGE which is 1209600 seconds(2 weeks) by default and for inactive logout, set "True" to SESSION_SAVE_EVERY_REQUEST which is "False" by default as shown below:
# "settings.py"
SESSION_COOKIE_AGE = 180 # 3 minutes. "1209600(2 weeks)" by default
SESSION_SAVE_EVERY_REQUEST = True # "False" by default
Upvotes: 6
Reputation: 38247
Setting the session cookie age in the django session middleware just sets the expiry time in the set-cookie header passed back to the browser. It's only browser compliance with the expiry time that enforces the "log out".
Depending on your reasons for needing the idle log-out, you might not consider browser compliance with the expiry time good enough. In which case you'll need to extend the session middleware to do so.
For example you might store an expiry time in your session engine which you update with requests. Depending on the nature of traffic to your site, you may wish to only write back to the session object once in X seconds to avoid excessive db writes.
Upvotes: 4
Reputation: 9490
Take a look at the session middleware and its settings. Specifically these two:
SESSION_COOKIE_AGE
Default: 1209600 (2 weeks, in seconds)
The age of session cookies, in seconds.
SESSION_SAVE_EVERY_REQUEST
Default: False
Whether to save the session data on every request. If this is False (default), then the session data will only be saved if it has been modified -- that is, if any of its dictionary values have been assigned or deleted.
Setting a low SESSION_COOKIE_AGE and turning SESSION_SAVE_EVERY_REQUEST on should work to create "sliding" expiration.
Upvotes: 57
Reputation: 12195
Try setting settings.SESSION_COOKIE_AGE to N * 60 seconds.
http://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-age
Upvotes: 0
Related Questions
- Autologout a user after specific time in django
- How to expire Django session in 5minutes?
- How to set sessions timeout in django?
- How to expire session due to inactivity in Django?
- How to expire a session in django?
- How does one enforce automatic logout due to inactivity in a Django application?
- Django: How to detect inactivity session time out?
- how to set Session time out in django 1.11
- Expire User Session if he is inactive for a certain period of time and record his session start and end time in database
- How can I detect user is inactive for 5 seconds in order to assign session key?