1

I have a private site that requires login for all pages. When a user goes to edit a record, I don't want to lock the record. I want to keep the record available for others. I devised a system using AJAX calls to django using dajax/dajaxice to get the most recent person and datetime of editing for the record. If the most recent edit was not made by the current user, an alert box notifies the user that another person has made an edit since they've opened the record and they should refresh the page to get the most recent version of the data.

This is all well and good, and works perfectly for our situation. I have a session timing out which, when timed out will send the user to a login prompt. In case the user leaves the page open and leaves the computer, we want the sensitive data protected. This is also working perfectly.

My problem is that when the AJAX call is made to check the version of the data, to see if it is changed, it also saves the session, so the session will never time out no matter how long they are at the page unattended.

Is there a way in a view to bypass the SESSION_SAVE_ON_EVERY_REQUEST, so that only this request does not trigger a save. I know I can manually save the session in every OTHER view, but that seems like the wrong thing to do. I suppose I may be able to write middleware that checks the view requested and only saves the session if it is not this view, but I'm not sure that's the best solution either.

Any suggestions?

Thanks in advance.

Furbeenator
  • 8,106
  • 4
  • 46
  • 54

1 Answers1

1

I am pretty certain this will work. I added CustomeMiddleWare to settings.py MIDDLEWARE_CLASSES. Also, turned off session saving on every request in settings.py.

class CustomMiddleware(object):
    def process_view(self, request, view_func, view_args, view_kwargs):
        if view_func.__module__ != "exclude.module" and view_func.__name__ != "excludeMethod":
            request.session.save()

Now the problem is that using Dajaxice, the module and name come over as dajaxice_request. Now I don't know how to get the actual method requested. Tried a bunch of things, but haven't been able to. Don't want to hack the DajaxiceRequest code, but may have to.

  • SOLUTION:

    Switched to jQuery ajax for this one method. Created a new urls.py entry to make the single call to get the version of the record. This makes the view_func in process_view available, so I can only save the session on views called other than this one. Woo Hoo! I am still using Dajaxice for all other AJAX methodology.

Community
  • 1
  • 1
Furbeenator
  • 8,106
  • 4
  • 46
  • 54