I have implemented SESSION_EXPIRE_ON_BROWSER_CLOSE setting in my django application. I have a model A that is tied to the session key of current user session. So, when the user closes the browser session expires, how can I configure a Signal(or any other way) to update model A?
No. Session expiration is not an event, and the server knows nothing about when it happens.
Related
In a Home page, i have a form login. in the view.index of the app "Home", after authenticate, i create the ssesion. And after, i call the app "Places" if the authenticate is okey,
request.session['user'] = username
request.session.set_expiry(900)
return HttpResponseRedirect('/places/')
in the settings of the project i configure the SESSION_SAVE_EVERY_REQUEST = True.
How can i send the session to all others pages of the project, and log out the user when the session is expired ?
HTTP is a request response protocol.
This means that the server has no way to to communicate to the client without the client initiating the conversation. So the only way to do something like this is native Django, is to have the client periodically check to see if the session is still ok.
One way to achieve this is with a background ajax call (perhaps using setInterval in javascript) which checks the session, and if it's not any good anymore (either by expiration or the user has been disabled etc) then redirect them back to the login page.
Another approaches could involve sending the expiry time to the client so that it only checks the session when it would have expired (though this wouldn't pick up on users being disabled) or having a websocket server which pushes this information to the client.
I'm trying to ping Django from a javascript frontend to find out when a user's session will expire. I'm doing this so I can proactively notify a user when their session has expired.
Unfortunately, the session expire time is updated because I'm hitting the Django app. I've tried reading the session cookie from javascript, but it is not accessible (nor recommended to be accessible) from javascript.
How can I ping my Django app from javascript to get when the session will end?
What about passing the number of seconds until session will expire directly to your template/javascript? For example, you can get it using this method in your view function and pass it further.
I have a problem when using Django.I set :
session_expire_at_browser_close = true
So,When a user close the browser,his session expire.
Now I also record times of try to login in session.
request.session['try_times'] += 1
If a user try to many times,the website will ask for a verification code.
But because of the setting above,the session expire after restart the browser.
Is any method can meet the two requirements above at the same time?
That is to say,when the browser is closed,a user should be logout,and the 'try_times' should not be deleted.
Your can try to record the try_times on your server.
I'm using session to store an object id and its description, this instance should be blocked to all other users while it is beign used in someone's session, and I would like to release the user object once he closes the browser, now I'm aware there is a configuration to expire sessions on browser close, I was just wandering if there is any entry point where I could add some custom code
What I'm trying to achieve is something like
def OnSessionExpire(???):
#release my objects
I've searched around but found no answer, can someone lay a help here? I'm using the backend session mode
Thank you !
Django doesn't do anything at all when the browser closes. Django doesn't even know - how can it: the only time Django knows anything about what you do in the browser is when you make a request to the server, but closing the browser is the opposite of making a request.
Session expiry on browser close is an attribute of the session cookie, not anything that Django does. It just means that the cookie is set with a flag that tells the browser not to persist it when it closes. The actual session data remains in Django's session store, and will do until you explicitly clear it, but is not accessible because the cookie has been removed.
So, the upshot of that is that there is no way to tell explicitly when a session ends. The only thing you can do is to send regular keepalive signals - eg via Ajax - while the session is open, and taken an action if you haven't seen any for a while.
I have a multi-page Django signup process in which a user goes through the following steps:
Create an account (username, password)
Create a profile
Upload a photo
Review and approve/change profile and photo
Pass username and user ID to payment processor
Receive "Payment OK or Payment not OK" signal from payment processor
Log user in if "Payment OK" and display website's "home" page.
In step 1 above, the user's ID and a couple of other pieces of information are stored in a session. They're then examined when necessary during steps 2 through 4. The user ID and username will also be passed to the payment processor in step 5. I'm thinking of setting the session timeout period to either 30 minutes or an hour. Here's my question. Should I read and re-assign the session variables when the user GETs each of the above pages in order to help the user avoid having their session timed out? The Django documentation says Django only saves a session when the session has been modified (i.e. when any of the dictionary values have been assigned or deleted). I'm thinking that if I "refresh" the user's session as they move from page to page, it will be less likely that they'll be timed out and will thus experience a smoother signup process.
Any advice? Thanks.
There's SESSION_SAVE_EVERY_REQUEST setting that saves session and sends session cookie with every request, effectively turning session into sliding expiration session (btw, it's a widespread name for what you want to achieve)
Refer to session docs for details