Open gsnider2195 opened 1 year ago
Tested this with a client.
They updated the nautobot_config.py with new parameters for only a SESSION_COOKIE_AGE = 30
sec timeout for testing and restarted all services.
Test # 1:
1. Logged in
2. Did not interact with page for 30 seconds
3. When anything was clicked on GUI was redirected to login page
Test # 2
1. Logged in
2. Interacted with GUI for 1 min (During this time was not redirected)
3. Sat IDLE for 30 seconds
4. When anything was clicked in GUI they were redirected to login screen.
Any update regarding the above? Is enabling SESSION_COOKIE_AGE
& SESSION_SAVE_EVERY_REQUEST
compromising performance? And if yes, what is the best way to implement it?
Proposed Changes
Some admins would like to have nautobot log users out after a period of inactivity. The proposed method is to set the
SESSION_COOKIE_AGE
to the desired timeout value and then useSESSION_SAVE_EVERY_REQUEST
to have Django update the session on every request. However, nautobot uses the database session backend by default so making a database UPSERT on every request may impact performance. We should test the performance impact and document whether admins should also use theSESSION_ENGINE = "django.contrib.sessions.backends.cached_db"
setting when settingSESSION_SAVE_EVERY_REQUEST = True
.Justification
Documentation