In my Django application, I would like for the user to be automatically logged out after 30 minutes of inactivity, so I used this setting in settings.py:
SESSION_COOKIE_AGE = 1800
However, using this setting logs the user out in 30 minutes regardless of activity. How does one enforce automatic logout due to inactivity in a Django application?
Expire the session on browser close with the SESSION_EXPIRE_AT_BROWSER_CLOSE setting. Then set a timestamp in the session on every request like so. and add a middleware to detect if the session is expired. something like this should handle the whole process...
As an update on this topic. Django now has the SESSION_SAVE_EVERY_REQUEST setting which makes it a lot easier.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With