-1

In a Home page, i have a form login. in the view.index of the app "Home", after authenticate, i create the ssesion. And after, i call the app "Places" if the authenticate is okey,

request.session['user'] = username
request.session.set_expiry(900)
return HttpResponseRedirect('/places/')

in the settings of the project i configure the SESSION_SAVE_EVERY_REQUEST = True.

How can i send the session to all others pages of the project, and log out the user when the session is expired ?

QDex
  • 139
  • 9

1 Answers1

0

HTTP is a request response protocol.

This means that the server has no way to to communicate to the client without the client initiating the conversation. So the only way to do something like this is native Django, is to have the client periodically check to see if the session is still ok.

One way to achieve this is with a background ajax call (perhaps using setInterval in javascript) which checks the session, and if it's not any good anymore (either by expiration or the user has been disabled etc) then redirect them back to the login page.

Another approaches could involve sending the expiry time to the client so that it only checks the session when it would have expired (though this wouldn't pick up on users being disabled) or having a websocket server which pushes this information to the client.

Shadow
  • 8,749
  • 4
  • 47
  • 57
  • Thnak you for your aswer,The second approach seems to mee more easy as i'm a beginner with django. for each request page of the client, i can send it the expiry time, and verify that with the current time. If it expire, i logout the client. Is it good to that like this? – QDex Feb 12 '19 at 12:22
  • You know your requirements - so only you can say whether it's good :) I fear your approach might lead to a logout screen even if the session is good though (because the user was doing something in a different tab keeping the session alive, but the first page is left alone for long enough for a session to expire). Whatever you go with, checking the session before doing anything is probably a good idea. – Shadow Feb 13 '19 at 05:27