middleware.py
"""
SessionSecurityMiddleware is the heart of the security that this application
attempts to provide.
To install this middleware, add to your ``settings.MIDDLEWARE_CLASSES``::
'session_security.middleware.SessionSecurityMiddleware'
Make sure that it is placed **after** authentication middlewares.
"""
import time
from datetime import datetime, timedelta
from django import http
from django.contrib.auth import logout
from settings import *
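class SessionSecurityMiddleware(object):
    """
    In charge of maintaining the real 'last activity' time, and log out the
    user if appropriate.

    The last activity time is kept in ``request.session['_session_security']``
    and compared against ``EXPIRE_AFTER`` (in seconds) on every request made
    by an authenticated user.
    """

    def process_request(self, request):
        """
        Update last activity time or logout.

        Requests from anonymous users are ignored. For authenticated users
        the stored last activity time is first reconciled with any
        client-reported idle time, then the user is logged out if the idle
        period has reached ``EXPIRE_AFTER`` seconds. Otherwise the request
        counts as activity unless its path is listed in ``PASSIVE_URLS``.
        """
        if not request.user.is_authenticated():
            return

        now = datetime.now()
        self.update_last_activity(request, now)

        delta = now - request.session['_session_security']
        # total_seconds() includes the days component. ``delta.seconds``
        # wraps around every 24 hours, so a session left idle for longer
        # than a day would be treated as fresh and never expire.
        if delta.total_seconds() >= EXPIRE_AFTER:
            logout(request)
        elif request.path not in PASSIVE_URLS:
            request.session['_session_security'] = now

    def update_last_activity(self, request, now):
        """
        If ``request.GET['idleFor']`` is set, check if it refers to a more
        recent activity than ``request.session['_session_security']`` and
        update it in this case.

        ``idleFor`` is client-supplied and therefore untrusted: a value that
        is not an integer, or that is negative, is ignored and the
        server-side timestamp is left as it was. When the session has no
        timestamp yet it is initialised to ``now``.
        """
        request.session.setdefault('_session_security', now)
        last_activity = request.session['_session_security']

        if 'idleFor' not in request.GET:
            return

        try:
            client_idle_for = int(request.GET['idleFor'])
        except ValueError:
            # A malformed query parameter must not turn into a server error.
            return

        if client_idle_for < 0:
            # A negative idle time would place the last activity in the
            # future and postpone expiry for as long as the client wishes.
            return

        # Full elapsed time, days included (see process_request).
        server_idle_for = (now - last_activity).total_seconds()

        if client_idle_for < server_idle_for:
            # Client has more recent activity than we have in the session
            request.session['_session_security'] = (
                now - timedelta(seconds=client_idle_for))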