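I am using this to log the user in:

```python
from django.contrib.auth import authenticate, login
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext


def login_backend(request):
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        if user is not None:
            login(request, user)
            # Intended to expire the session after 300 seconds
            request.session.set_expiry(300)
            return HttpResponseRedirect('/overview/')
        else:
            return HttpResponseRedirect('/login_backend/')
    else:
        return render_to_response('login_backend.html',
                                  context_instance=RequestContext(request))
```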
I want the session to expire after 5 minutes, so I added request.session.set_expiry(300) in the view above. But the session never expires. What am I doing wrong?
To delete a session or any particular key of that session, we can use del. The output will look like this. Don't worry if your cookie wasn't deleted, because we use this method only to delete your data in the Django database and not the session ID and cookie itself.
The setting you are looking for is SESSION_COOKIE_AGE. The default value is 1209600, which is two weeks, in seconds.
Set the expiry date of the session to be 'current time + inactivity period' on every request. Override process_request in SessionMiddleware and check for session expiry. Discard the session if it has expired.
By default, SESSION_EXPIRE_AT_BROWSER_CLOSE is set to False, which means session cookies will be stored in users' browsers for SESSION_COOKIE_AGE seconds (which defaults to two weeks, or 1,209,600 seconds).
There are two parameters to expire sessions, SESSION_EXPIRE_AT_BROWSER_CLOSE and SESSION_COOKIE_AGE. If you want to expire in 5 minutes, your settings should look like this:

```python
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
SESSION_COOKIE_AGE = 5 * 60  # 5 minutes, in seconds
```
To combine both, learn how to do it by writing your custom middleware: "Is there a way to combine behavior of SESSION_EXPIRE_AT_BROWSER_CLOSE and SESSION_COOKIE_AGE"
Update for Django 1.6
The middleware code below does not work in Django 1.6 and above because the session is not JSON serializable. To make it work in all versions of Django, set the session serializer.
settings.py
```python
# Handle "session is not JSON serializable"
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
```
The above sample of the serializer is for Django 1.6. Kindly search for other versions. Thanks...
Create middleware.py
```python
from datetime import datetime, timedelta

from django.conf import settings
from django.contrib import auth


class AutoLogout:
    def process_request(self, request):
        if not request.user.is_authenticated():
            # Can't log out if not logged in
            return

        try:
            # Log out if the last request is older than the allowed idle time
            if datetime.now() - request.session['last_touch'] > timedelta(
                    0, settings.AUTO_LOGOUT_DELAY * 60, 0):
                auth.logout(request)
                del request.session['last_touch']
                return
        except KeyError:
            pass

        # Record the time of this request
        request.session['last_touch'] = datetime.now()
```
Update your settings.py:
```python
MIDDLEWARE_CLASSES = [
    # .........................
    'app_name.middleware.AutoLogout',
]

# Auto logout delay in minutes
AUTO_LOGOUT_DELAY = 5  # equivalent to 5 minutes
```
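An added example, not taken from any of the answers above: the same idle-timeout idea with `last_touch` stored as a float timestamp, which the default JSON session serializer accepts, so `PickleSerializer` (removed in Django 5.0, and a remote-code-execution risk with signed-cookie sessions if `SECRET_KEY` leaks) is not needed. It assumes Django 1.10+ new-style middleware and reuses the `AUTO_LOGOUT_DELAY` setting; `touch_or_expire` and `IdleTimeoutMiddleware` are hypothetical names.

```python
import time

IDLE_KEY = "last_touch"  # same session key the middleware above uses


def touch_or_expire(session, max_idle_seconds, now=None):
    """Return True if the session sat idle longer than max_idle_seconds.

    Otherwise refresh the stamp (sliding window) and return False.
    The stamp is a plain float, so it survives JSON serialization.
    """
    now = time.time() if now is None else now
    last = session.get(IDLE_KEY)
    # A missing or non-numeric stamp (e.g. left over from an older
    # serializer) is treated as "first request" and overwritten.
    if isinstance(last, (int, float)) and now - last > max_idle_seconds:
        return True
    session[IDLE_KEY] = now
    return False


class IdleTimeoutMiddleware:
    """Log the user out after AUTO_LOGOUT_DELAY minutes without a request."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Imported here so touch_or_expire() can be exercised without Django.
        from django.conf import settings
        from django.contrib import auth

        if request.user.is_authenticated:
            # Assumption: AUTO_LOGOUT_DELAY is in minutes, as in the answer above.
            max_idle = getattr(settings, "AUTO_LOGOUT_DELAY", 5) * 60
            if touch_or_expire(request.session, max_idle):
                # logout() flushes the session data and issues a new session key,
                # so the stale session is discarded server-side.
                auth.logout(request)
        return self.get_response(request)
```

List the class in `MIDDLEWARE` after `SessionMiddleware` and `AuthenticationMiddleware`, since it reads both `request.session` and `request.user`.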