Permalink
Commits on Feb 7, 2017
  1. Fixed script documentation

    jpic committed Feb 7, 2017
  2. Release 2.5.1 [ci skip]

    jpic committed Feb 7, 2017
  3. Fix #89: add SESSION_SECURITY_PASSIVE_URL_NAMES setting

    * Fix #89: session_security breaks "End Session" on the current session when using user_sessions
    
    Add a new parameter, SESSION_SECURITY_PASSIVE_URL_NAMES, which takes a
    list of URL names to skip when performing session activity updates.
    
    This provides an easy method for parameterized URLs to be skipped. The
    existing SESSION_SECURITY_PASSIVE_URLS parameter continues to work
    with static path names.
    
    For example, if you have the following URL from the user_sessions app:
    
    /account/sessions/<session_id>/delete/
    
    You can skip the activity tracker by adding the following to
    settings.py:
    
    SESSION_SECURITY_PASSIVE_URL_NAMES = ['session_delete']
    
    This currently only handles direct URL names and can be updated in the
    future to handled fully namespaced and instanced URL names.
    
    * Add documentation for new PASSIVE_URL_NAMES setting
    
    Fix #89: session_security breaks "End Session"
    
    * Add unit test for PASSIVE_URL_NAMES setting
    
    Fix #89: session_security breaks "End Session"
    sdann committed with jpic Feb 7, 2017
Commits on Feb 5, 2017
  1. Update README

    jpic committed Feb 5, 2017
  2. Release 2.5.0

    jpic committed Feb 5, 2017
  3. Merge pull request #85 from kalekseev/master

    Add support for activity on mobile devices
    jpic committed on GitHub Feb 5, 2017
  4. Merge pull request #84 from lynnco/a11y

    Add a11y support to session security dialog
    jpic committed on GitHub Feb 5, 2017
  5. Merge pull request #91 from yourlabs/dj111

    Django version dance
    jpic committed on GitHub Feb 5, 2017
  6. Test python 3.5 instead of 3.5 and django 1.11 instead of 1.7

    jpic committed Feb 4, 2017
Commits on Dec 29, 2016
  1. Merge pull request #88 from rdekker1/dutch-translation

    Updated comments in .po
    jpic committed on GitHub Dec 29, 2016
  2. Updated comments in .po

    rdekker1 committed Dec 29, 2016
Commits on Dec 23, 2016
  1. Merge pull request #87 from rdekker1/dutch-translation

    Dutch translation
    jpic committed on GitHub Dec 23, 2016
  2. Dutch translation

    rdekker1 committed Dec 23, 2016
Commits on Nov 29, 2016
  1. Add support for activity on mobile devices

    kalekseev committed Nov 29, 2016
Commits on Nov 2, 2016
  1. activate focus on session_security_modal

    lynnco committed Nov 2, 2016
  2. add tabindex and role=document

    lynnco committed Nov 2, 2016
  3. markup #session_security_warning as a dialog

    lynnco committed on GitHub Nov 2, 2016
Commits on Oct 20, 2016
  1. Merge pull request #81 from eriktelepovsky/master

    support for Django 1.10
    jpic committed on GitHub Oct 20, 2016
  2. support for Django 1.10

    eriktelepovsky committed Oct 20, 2016
Commits on Sep 16, 2016
  1. Merge pull request #79 from nirgal/nobin

    Removed compiled binary from source
    jpic committed on GitHub Sep 16, 2016
Commits on Sep 13, 2016
  1. Removed compiled binary from source

    nirgal committed Sep 13, 2016
Commits on Aug 17, 2016
  1. Release 2.4.0

    jpic committed Aug 17, 2016
  2. Merge pull request #78 from yourlabs/djangodance

    Django release dance
    jpic committed on GitHub Aug 17, 2016
  3. Merge pull request #77 from yourlabs/force_browser_close

    Require SESSION_EXPIRE_AT_BROWSER_CLOSE unless SESSION_SECURITY_INSECURE=True
    jpic committed on GitHub Aug 17, 2016
  4. Test Django 1.11

    jpic committed Aug 17, 2016
  5. Require SESSION_EXPIRE_AT_BROWSER_CLOSE

    Unless SESSION_SECURITY_INSECURE=True, SESSION_EXPIRE_AT_BROWSER_CLOSE
    must be True.
    jpic committed Aug 17, 2016
  6. Merge pull request #76 from yourlabs/idle-for

    Fix idleFor vulnerability
    jpic committed on GitHub Aug 17, 2016
  7. Mention new security mailing list

    jpic committed Aug 17, 2016
  8. Fix PEP8 E731

    jpic committed Aug 17, 2016
  9. Check expiry before using idleFor to update the last activity

    The middleware updated the activity before checking the timeout.
    Update checks the idleFor param and replaced the last activity value.
    As a result, the idleFor parameter can preempt an arbitrarily long real
    timeout.
    claytondaley committed with jpic Aug 16, 2016
Commits on Aug 15, 2016
  1. Fix test project

    jpic committed Aug 15, 2016