I programmed a small web application using django (version 3.0) and python (version 3.7.1). I am using the authentification tool, that comes with django. It works perfectly fine, but the problem I am facing is, that after I closed the browser and reopen it (sometimes several hours later) I am still logged in. That is something I want to avoid under all circumstances. I had the idea of making a check when the last login with that user was and if it was longer ago than for example 5 minutes you will get logged out, but I think there is and should be a more effective and elegant way to do it.
Asked
Active
Viewed 49 times
0
-
3Does this answer your question? [How to expire session due to inactivity in Django?](https://stackoverflow.com/questions/3024153/how-to-expire-session-due-to-inactivity-in-django) – anupsabraham Dec 27 '19 at 09:59
-
This should help https://stackoverflow.com/questions/14830669/how-to-expire-django-session-in-5minutes – Basalex Dec 27 '19 at 10:00
-
if you want to logout user on browser close just add `SESSION_EXPIRE_AT_BROWSER_CLOSE = True` to your settings.py, or you want user to tick a check box on the log in form to remember for 2 weeks or something then you can set session duration `request.session.set_expiry(1209600)` – Linh Nguyen Dec 27 '19 at 10:01
-
Thank you for the quick answer. I did not find a post answering my question so I asked it myself, but you redirected me directly to it. Thank you! – byTreneib Dec 27 '19 at 10:12