Expiry rules for Django sessions.
pip install django-expiry
pipenv install django-expiry
expiry to your
INSTALLED_APPS = ( ... 'expiry', )
expiry.middleware.ExpirySessionMiddleware to your middleware setting
MIDDLEWARE = ( ... 'expiry.middleware.ExpirySessionMiddleware', )
or to middleware classes if your Django is <= 1.9
MIDDLEWARE_CLASSES = ( ... 'expiry.middleware.ExpirySessionMiddleware', )
The middleware will process rules and default ages for fresh sessions.
Default ages can be set for anonymous and authenticated users. When not set, the session age behaviour will default to Django.
Default: not set.
The default age of an anonymous session, in seconds.
Keeps the authenticated session alive, refreshing its expiry for every request, according to its default value and rules.
Default: not set.
The default age of an authenticated session, in seconds.
Keeps the anonymous session alive, refreshing its expiry for every request, according to its default value and rules.
A set of rules should be defined in your settings file. You can have rules for anonymous users and authenticated users, handled separately.
Processed whenever an user logs in. Its callable should always accept an
user and a
EXPIRY_AUTH_SESSION_RULES = ( (lambda request, user: user.is_staff, 300), (lambda request, user: user.is_superuser, datetime.timedelta(weeks=2)), (lambda request, user: user.has_perms('hero'), 99999999), )
Processed whenever a session is fresh. Rules are triggered in
EXPIRY_ANON_SESSION_RULES = ( (lambda request: request.META.get('REMOTE_ADDR') == '192.168.0.1', 999) )
A rule is a tuple composed by:
Note that, for
timedelta expiries, serialization won't work unless you are using the
Read more about it here.
In the examples above, all rules are lambdas, but you can also send the path to a function that will validate it.
EXPIRY_AUTH_SESSION_RULES = ( ('app.module.complex_rule', datetime.timedelta(days=64)), )
Then define the rule in that specific module:
def complex_rule(user, request): ...