• Stars
    star
    306
  • Rank 136,456 (Top 3 %)
  • Language
    Python
  • License
    MIT License
  • Created over 12 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A little javascript and middleware work together to ensure that the user was active during the past X minutes in any tab he has open. Otherwise, display a warning leaving a couple of minutes to show any kind of activity like moving the mouse. Otherwise, logout the user.

This app provides a mechanism to logout inactive authenticated users. An inactive browser should be logged out automatically if the user left his workstation, to protect sensitive data that may be displayed in the browser. It may be useful for CRMs, intranets, and such projects.

For example, if the user leaves for a coffee break, this app can force logout after say 5 minutes of inactivity.

Why not just set the session to expire after X minutes ?

Or "Why does this app even exist" ? Here are the reasons:

  • if the user session expires before the user is done reading a page: he will have to login again.
  • if the user session expires before the user is done filling a form: his work will be lost, and he will have to login again, and probably yell at you, dear django dev ... at least I know I would !

This app allows to short circuit those limitations in session expiry.

How does it work ?

When the user loads a page, SessionSecurity middleware will set the last activity to now. The last activity is stored as datetime in request.session['_session_security']. To avoid having the middleware update that last activity datetime for a URL, add the url to settings.SESSION_SECURITY_PASSIVE_URLS.

When the user moves mouse, click, scroll or press a key, SessionSecurity will save the DateTime as a JavaScript attribute. It will send the number of seconds since when the last user activity was recorded to PingView, next time it should ping.

First, a warning should be shown after settings.SESSION_SECURITY_WARN_AFTER seconds. The warning displays a text like "Your session is about to expire, move the mouse to extend it".

Before displaying this warning, SessionSecurity will upload the time since the last client-side activity was recorded. The middleware will take it if it is shorter than what it already has - ie. another more recent activity was detected in another browser tab. The PingView will respond with the number of seconds since the last activity - all browser tab included.

If there was no other, more recent, activity recorded by the server: it will show the warning. Otherwise it will update the last activity in javascript from the PingView response.

Same goes to expire after settings.SESSION_SECURITY_EXPIRE_AFTER seconds. Javascript will first make an ajax request to PingView to ensure that another more recent activity was not detected anywhere else - in any other browser tab.

Requirements

  • Python 2.7 or 3.5+
  • jQuery 1.7+
  • Django 1.8 to 4.0
  • django.contrib.staticfiles or #YoYo

Resources

You could subscribe to the mailing list ask questions or just be informed of package updates.

More Repositories

1

django-autocomplete-light

A fresh approach to autocomplete implementations, specially for Django. Status: v4 alpha, v3 stable, v2 & v1 deprecated.
Python
1,792
star
2

django-rules-light

Maintenance only
Python
68
star
3

djnext

NextJS Template backend for Isomorphic UI development in Django !MIRROR of git.yourlabs.org/oss/djnext!
Python
37
star
4

crudlfap

MVC CRUD for Django, glueing popular plugins such as django-filter, django-tables2, etc
Python
26
star
5

django-documents

Provide a Document model including a FileField and a custom storage. Uploaded documents live outside of MEDIA_ROOT and must be downloaded through a view that does security checks. Using django-autocomplete-light and django-generic-m2m, allow to attach any object to it.
Python
17
star
6

facond

Change the form dynamically depending on user actions, and predefined sets of actions and conditions
JavaScript
14
star
7

django-permissions-widget

DEPRECATED !! Check out this new awesome app !! https://github.com/RamezIssac/django-tabular-permissions
HTML
13
star
8

django-dbdiff

Diff the database state with pre-generated fixtures, for testing (tests that write themselves)
Python
12
star
9

djWebdApp

Django + Blockchain = Web-dApps [MIRROR OF] yourlabs.io/pyratzlabs/djwebdapp
Python
10
star
10

djwc

Django on WebComponents = Dj🚻
Python
9
star
11

djhacker

Metacode more with Django
Python
8
star
12

jquery-autocomplete-light

Dead simple autocompletion for jQuery.
JavaScript
7
star
13

unittest-data-provider

!!! Don't use this, try pytest parameterize instead !!! See this url:
Python
7
star
14

bigsudo

Ansible wrapper makes ansible easier, superseeds playlabs
Python
5
star
15

ryzom

Component classes replace templates, with data-binding support (client subscription to querysets) for Django channels
Python
5
star
16

django-responsediff

HTTP response diffing against fixtures for testing (tests that write themselves)
Python
5
star
17

django-decision

App for collaborative decision making.
Python
4
star
18

djsnowpack

Django + Snowpack = djsnowpack
Python
4
star
19

autocomplete-light

WebComponents for autocompletion with server-side HTML generation: the perfect match for server-side frameworks. Mirrorr of yourlabs.io/oss/autocomplete-light
JavaScript
3
star
20

podctl

Alternative to docker and docker-compose, built on buildah + podman
Python
2
star
21

shyml

ShYML allows coding shell script in YAML
Python
2
star
22

django-xcbv

UNUSABLE heavy research around cbv for the lulz, see crudlfap for usable code
Python
2
star
23

yourlabs.drone

One command to setup drone-ci
2
star
24

django-call

MOVED to yourlabs.io/oss/djcall !! Spooled and Cron generic task models, like django-q but for uWSGI builtin features
Python
2
star
25

yourlabs.docker

Deploy docker from scratch over ssh
1
star
26

django-appwatch

Monitor sub directories of INSTALLED_APPS !MIRROR! of git.yourlabs.org/oss/django-appwatch
Python
1
star
27

cli2

Dynamic CLI for Python objects of all sorts. MIRROR OF ---->
Python
1
star
28

djcall

Spooled and Cron generic task models, like django-q but for uWSGI builtin features, mirror of --->
Python
1
star
29

compoctl

docker-compose commands: backup/restore/apply (mirror)
Python
1
star
30

djcli

[mirror of yourlabs.io/oss/djcli] CRUD CLI for Django operations
Python
1
star
31

community

Community guidelines
1
star
32

djTezos

Integration of PyTezos and Django, MIRROR of yourlabs.io/oss/djtezos
Python
1
star
33

yourlabs.compose

Deploy a docker-compose.yml to a target host dir with a single command
Python
1
star
34

yourlabs.k8s

1
star
35

starlette-apps

IoC for configuration of Starlette projects
Python
1
star