search

ubccr / coldfront

HPC Resource Allocation System
https://coldfront.readthedocs.io
GNU General Public License v3.0
96 stars 76 forks source link

Expire sessions X seconds after the last activity #452

Closed aebruno closed 1 year ago

aebruno commented 1 year ago

Currently, sessions expire after 15 minutes. This is hard coded in settings here. What we really want is to keep the session alive as long as the user is doing something. Once they become inactive after X seconds, the session should expire.

Let's make the following modifications:

  1. Use this module django-session-timeout in auth.py
  2. Add support for setting SESSION_EXPIRE_SECONDS and SESSION_EXPIRE_AFTER_LAST_ACTIVITY via env variables.
  3. We probably need to unset SESSION_COOKIE_AGE or set session to expire at browser close. See here
dsajdak commented 1 year ago

@aebruno I thought this time out was related to mokey/openid because we have the same issue with OnDemand.