middleware is not work expected

Question

I have some problem related to that I am trying to implement a middleware which detects the whether the authenticated user is inactive for 5 seconds. I have wrote below Python module to do this job but It seems it is not works well. I found two reason ; One of them is ; I can not redirect the user to the home page correctly ; Middleware is not change session key correctly

I have not found that how I can solve this problems. I will show what I have done to the below as two part.

First part ; middleware.py

class TimeOut:
    @csrf_exempt 
    def process_request(self, request):
        try :
            if request.session['isA'] == False:
                return #redirect(reverse("homePage_view"))
        except KeyError:
            request.session['isA'] = False
            return
        try :
            passT = datetime.now() - request.session['Time'] 
            if passT > timedelta( 0, settings.SESSION_COOKIE, 0):
                request.session['isA'] = False
                del request.session['Time']
                return
        except KeyError:
            pass
        request.session['Time'] = datetime.now()

Second part ; settings.py

SESSION_COOKIE = 5 

MIDDLEWARE_CLASSES = (
    'home.middleware.TimeOut',
)

EDIT: I have mistakenly wrote other class. I have changed the name as TimeOut

For one, your class is called `Timeout` and you are referring to `SessionTimeOut`; second - request middleware is only called at the time of a request, so if there is no request your middleware won't get called at all. — Burhan Khalid, Feb 11 '13 at 08:24
@BurhanKhalid Is this wrong way to detect whether the user is inactive ? If yes, how can I detect whether the user is inactive for 5 seconds ? — mavzey, Feb 11 '13 at 08:27
Yes, you need to detect this at the client side - not at the server side. — Burhan Khalid, Feb 11 '13 at 08:35
Can you clarify more "detect this at the client side" ? Can you give me link or other think ? — mavzey, Feb 11 '13 at 08:38
See [this question](http://stackoverflow.com/questions/667555/detecting-idle-time-in-javascript-elegantly) — Burhan Khalid, Feb 11 '13 at 08:58
To expire the session X seconds after the last activity use [django-session-timeout](https://github.com/LabD/django-session-timeout) library — JohnM, Sep 13 '19 at 15:29

catherine · Accepted Answer · 2013-02-11T09:22:06.450

1

Is this the one you are talking:

class AutoLogout:
    def process_request(self, request):
        if not request.user.is_authenticated() :
            return HttpResponseRedirect(reverse('app_name:url_name'))

        try:
            if datetime.now() - request.session['last_touch'] > timedelta( 0, settings.AUTO_LOGOUT_DELAY * 60, 0):
                auth.logout(request)
                del request.session['last_touch']
                return HttpResponseRedirect(reverse('app_name:url_name'))
        except KeyError:
            pass

        request.session['last_touch'] = datetime.now()

decorators.py

from django.core.urlresolvers import reverse
from django.http import HttpResponseRedirect

def login_check(view_func):
    def _wrapped_view_func(request, *args, **kwargs):
        if not request.user.is_authenticated:
            //return to home page url
            return HttpResponseRedirect(reverse('app_name:url_name'))
        return view_func(request, *args, **kwargs)
    return _wrapped_view_func

After you create decorators.py, update your view like this:

from app_name.decorators import login_check

@login_check
def view_name(request):
    .........

The user will not be allow to go to that page if not authenticated.

edited Feb 11 '13 at 09:22

answered Feb 11 '13 at 08:34

catherine

22,492
12
61
85

yeap, I have changed for my case but it seems it is not changing the session key. I tryied to find the reason but I have not managed yet. So I have asked to here. What is wrong with my module ? – mavzey Feb 11 '13 at 08:36
I have decorator which job `if request.session['isA'] == False return redirect ( reverse ( "homePage.view"))`. If the key is changed to False, the page which is opened after the login page should be redirected to the login page. But, redirection is not happen – mavzey Feb 11 '13 at 08:44
Have you read @Burhan's comment "you need to detect this at the client side - not at the server side" ? I do not understand the reason. – mavzey Feb 11 '13 at 08:46
if usr authenticated in the code I am marking `request.session['isA'] key to True`. – mavzey Feb 11 '13 at 08:47
Cathy, your last sentence is sort of complicated for me. Sorry, My native language is not English. May you open your last sentence, please? – mavzey Feb 11 '13 at 08:52
I said you totally modified it and you don't know what to do next. That original middleware is working, you just have to do is change the time. And if you have something to add, you have to first consult me before you modified it atleast I know what you really want. – catherine Feb 11 '13 at 08:56
Thank you for your **all** help. Can you update your answer according to the your comments, you are right ? I want to accept your answer. Thanks again – mavzey Feb 11 '13 at 09:00
I want to know first what you really want? so that I will know what to put in that code before I modifying it – catherine Feb 11 '13 at 09:03
let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/24304/discussion-between-user2017495-and-cathy) – mavzey Feb 11 '13 at 09:03

middleware is not work expected

1 Answers1

Linked