This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

Django authentication-based session expiration

Project Description

A Django application which provides authentication-based session expiration.

To install this application into your project, first add it to your INSTALLED_APPS setting (and run manage.py syncdb):

INSTALLED_APPS = (
    ...
    'django_expire',
)

Next, add the expiration middleware to your MIDDLEWARE_CLASSES setting, placing it after both the session and auth middleware.:

MIDDLEWARE_CLASSES = (
    ...
    'django_expire.middleware.ExpireMiddleware',
)

What it does

For every request by an authenticated user, a check is run to ensure the number of other sessions also belonging to the user does not exceed the allowed maximum.

This maximum defaults to 1, but you can provide a EXPIRE_MAX_USERS setting to override this default (a setting of 0 allows an unlimited amount of users per session).

If a user has exceeded the number of sessions they are allowed, the excessive sessions are removed (effectively logging the user out of these now invalidated sessions).

Logged sessions

A log of each session is stored in the django_expire.models.LoggedSession model.

Invalidated sessions are not removed from the database by default so you can use this model to retrieve login information (for example, date/time and IP address).

Use the EXPIRE_LOG_LIMIT setting to set a limit of expired session logs to retain for each user (you can use 0 to delete expired session logs straight away or None for no limit).

Changing expiration settings per user

The django_expire.signals.expire_check allows you to change the expiration settings at a per-user level.

The signal is sent before any tests are run, along with a settings dictionary containing a single max_users key. Signal handlers may change the value of the dictionary to alter the settings for this user.

An example handler (which is not automatically connected) can be found in django_expire.signals.superuser_handler which demonstrates allowing superusers an unlimited number of sessions.

Release History

Release History

This version
History Node

1.0.1

History Node

1.0

History Node

1.0-alpha-2

History Node

1.0-alpha-1

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
django-expire-1.0.1.tar.gz (6.1 kB) Copy SHA256 Checksum SHA256 Source Mar 12, 2010

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting