Django 1.11.8
I have to logout users that close the browser (or tab) without waiting the expire time session (there is one limit for number of the users online).
I can't solve with SESSION_EXPIRE_AT_BROWSER_CLOSE = True ,it doesn't delete the sesssion.
My idea is to add an inactivity timer on the server side for each user session, but I didn't find solutions or some examples about it.
Do you have suggestions how to implement this with django server?
Would be one a good idea?
Related
Requirement :-
working on a project with flask.
flask socketIo ...and i have almost completed the project.
Now i want to implement something which is very common on web development.
Right now i can show the status of background tasks in the UI, and events are getting send to specfic (request.sid ). Now if the user accidentally close his browser and and returns to the same page, for obvious reason he won't see anything ( which was happening in the existing session) but the initial page
I want to a way if the user again comes to the page, it should be redirected to the current status page.
Am trying to achieve something exactly like any cloud based solutions For example if i create an Ec2 instance from console and close it. Upon reopening it will still show the existing operations with current status ( running,pending ) etc..
How can achieve that ?
if the user accidentally close his browser and and returns to the same page, for obvious reason he won't see anything
This isn't really obvious. If your user is logged in to your application then you know them, and presumably you also know what background task each user has pending. When the user returns to the page and logs in again, you should be able to find the state of any background tasks associated with the user.
The only situation in which you would not be able to do this is if you don't require your users to authenticate, in which case when the user comes to your page the second time you have no way to know it is the same user that closed the page before. The fix for this problem is to use authentication, so that your users are always known to the server.
For 2 days now, my APEX is timing out every 10 minutes or less and it makes me lose my work!
I've tried to clean browser cookies and all...
Timeout is set in application's Shared components, Security Attributes, Session Management section.
"Maximum Session Length" is measured in seconds. If unset, it defaults to 43200 seconds (which is 12 hours) (for Apex 19.1) so ... check what it is currently set to.
I think that what you are facing is that your killing your previous sessions.
Every time you log in on an APEX application, it generates a session for your user (it's the random numbers in your URL)
If you have another browser tab opened and you request another log-in on the application, then another session is generated and if you go back to the other tab and try anything there, you will be asked to log-in again and if you do, the other session that you just logged-in will be killed.
For each application you log-in, is generated a session id that is saved on cookies of your browser. So just make sure that there's no other window or tab opened of that application already on the same session of your browser (although you can use different browser or incognito mode).
Also, pay attention in any favorite links that you made that links an APEX application. The same thing will happen if you are already logged-in and click on the favorite link that has a session on its URL.
This all can be avoided if you configure "Rejoin Sessions" parameter on the APEX installation enviroment: https://docs.oracle.com/cd/E59726_01/doc.50/e39151/adm_wrkspc002.htm#BABJCGAG
I'm running a site on Django that has been in operation for a few years. We use sessions with a Redis cache backend. After a reasonably minor update of Django to 1.11.16 from an earlier 1.11.* version, we're seeing that user sessions are being ended for no obvious reason.
One dependable way to get a session to end is to navigate to a url that causes a history.replaceState() to replace the URL. As soon as that happens - the old sessions ends, the user is logged out, and a new session is started.
Any clues would help.
I'm working on a site that uses Django 1.2.5. It uses the Django authentication backend to log users in and out. This, in turn, uses the Django session framework to set cookies. It appears that cookies set by Django's session backend expire after 2 weeks. I've gotten complaints from users that they are being logged out of their accounts and have to be log back in, and I suspect this is due to the fact that cookies are expiring after 2 weeks. I have SESSION_COOKIE_AGE to 1 year (i.e, 31556926 seconds) but I don't know if that's the best solution to this problem -- I'm not sure if it'll have unintentional side effects.
Is there a way to keep users logged in indefinitely (i.e., keep them logged in until they manually log out)? I haven't found a setting, but any solution (e.g., middleware or the like) would be acceptable.
The only way to extend session life is through longer-lived cookies. Every other method of user identification (e.g. IP + user-agent) suffers from ambiguity and, therefore, has security issues.
I created a simple middleware that updates user session cookies periodically, which eliminates the described problem.
https://github.com/IlyaSemenov/django-everlasting-sessions
I have an asp.net web app that has Session state stored in sql server. I need to keep track of the time spent by a user on each page. How can i do that using cookies?
Couldn't you use a cookie to store the time when the user navigated to the page and then when they navigate to another page calculate the time spent on the previous page, enter that into the database or something and then repeat the process?
If you can get away with tracking time for all users collectively rather than individual users, I would install Google Analytics.
http://www.google.com/analytics/
Tracking user time across a site isn't ideally done in the cookies, which are more for providng things back to the user.
That said, you'd need to store the intermediate data in the cookie if you're going to store the true 'time per page' per user rather than faking it at the server by counting the gap between page requests per session. You could do this by setting the load time at the page load, then comparing that to the current time in the onUnload event hander. Save that to the cookie and it should be available to the server in the request body of the next page it sends.