
From the documentation I can see how you can create your own Django auth backend. Though it can get slightly confusing considering the session and user details are split across 3 tables (auth_user, Session and also a custom table when storing your other authorization token).

I know you can set the session timeouts on the session within the views. However, I wonder if there is another (or what is the best) method to set your Django session timeout at the same time you create a new session within your custom auth backend.

Basically my other auth system has a total timeout of 24 hours and an idle of 1 hr, so I want to couple these timeouts as closely as possible to the Django session.

Hope this makes sense.

Thanks

felix001

1 Answer


At settings:

SESSION_EXPIRE_AT_BROWSER_CLOSE = False

This middleware will check for max 24h + 1h idle:

import datetime

from django.contrib.auth import logout


class timeOutMiddleware(object):

    def process_request(self, request):
        shouldLogout = False
        if request.user.is_authenticated():
            # Absolute limit: at most 24 hours since the session began.
            if 'beginSession' in request.session:
                elapsedTime = datetime.datetime.now() - \
                              request.session['beginSession']
                # total_seconds() covers the whole interval; .seconds is only
                # the sub-day component and can never exceed 24*3600.
                if elapsedTime.total_seconds() > 24*3600:
                    del request.session['beginSession']
                    shouldLogout = True
            else:
                request.session['beginSession'] = datetime.datetime.now()

            # Idle limit: at most 1 hour since the previous request.
            if 'lastRequest' in request.session:
                elapsedTime = datetime.datetime.now() - \
                              request.session['lastRequest']
                if elapsedTime.total_seconds() > 60*60:
                    del request.session['lastRequest']
                    shouldLogout = True

            request.session['lastRequest'] = datetime.datetime.now()

            if shouldLogout:
                logout(request)

        else:
            # Anonymous request: drop any stale timing keys.
            if 'beginSession' in request.session:
                del request.session['beginSession']
            if 'lastRequest' in request.session:
                del request.session['lastRequest']

        return None

Notice: not tested, I wrote a similar middleware for my app and I have changed it to match your requirements.

dani herrera
  • Thanks, just a few things: what order is this placed into the middleware as? What does the full script, i.e. imports etc., look like? Also, do I need to amend the object name that is passed into the class? – felix001 Jun 16 '13 at 20:03
  • You can see it here: http://code.google.com/p/ghap/source/browse/trunk/src/ghap/settings.py – dani herrera Jun 16 '13 at 20:07
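
An added example, not part of the question or answer above: the 24-hour total and 1-hour idle limits reduced to a single "seconds remaining" value that can be computed when the custom backend creates the session and again on every request. The function names and session keys are hypothetical, a plain dict stands in for `request.session`, and timestamps are stored as epoch seconds so any session serializer can hold them.

```python
import time

ABSOLUTE_LIMIT = 24 * 3600  # total lifetime from the question (24 hours)
IDLE_LIMIT = 60 * 60        # idle limit from the question (1 hour)


def _stamp(session, key):
    """Return a stored timestamp as float, or None if absent or malformed."""
    value = session.get(key)
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return None
    return float(value)


def remaining_lifetime(session, now):
    """Whole seconds until the session must end; 0 means it already has."""
    begin = _stamp(session, "begin_session")
    last = _stamp(session, "last_request")
    # Fail closed: missing, malformed, out-of-order or future stamps expire.
    if begin is None or last is None or not (begin <= last <= now):
        return 0
    absolute_left = ABSOLUTE_LIMIT - (now - begin)
    idle_left = IDLE_LIMIT - (now - last)
    return max(0, int(min(absolute_left, idle_left)))


def start_session(session, now=None):
    """Call once, right after the custom backend authenticates the user."""
    now = time.time() if now is None else now
    session["begin_session"] = now
    session["last_request"] = now
    return remaining_lifetime(session, now)


def touch(session, now=None):
    """Per-request check: None means log out, else seconds still allowed."""
    now = time.time() if now is None else now
    if remaining_lifetime(session, now) == 0:
        session.pop("begin_session", None)
        session.pop("last_request", None)
        return None
    session["last_request"] = now
    # Idle window restarts, but never extends past the absolute limit.
    return remaining_lifetime(session, now)
```

In a Django middleware, a `None` result would lead to `logout(request)` and any other result can be passed to `request.session.set_expiry()`. Expiry is signalled with `None` rather than `0` because `set_expiry(0)` means "expire when the browser closes".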