A little JavaScript and middleware work together to ensure that the user was active during the past X minutes in any tab he has open. If not, a warning is displayed, leaving a couple of minutes to show any kind of activity, like moving the mouse. Otherwise, the user is logged out.
This GitHub project currently uses GET to log out the user from their session. This may be convenient, but may not be the best approach and might actually be 'dangerous' as the server may not realize that the user has logged out.
https://softwareengineering.stackexchange.com/questions/188860/why-shouldnt-a-get-request-change-data-on-the-server
https://stackoverflow.com/questions/3521290/logout-get-or-post
https://code.djangoproject.com/ticket/15619
https://readthedocs.org/projects/django-allauth/downloads/pdf/latest/ (see section 4.3 configuration ACCOUNT_LOGOUT_ON_GET)
I recommend either changing this project to use POST completely or providing the user the option to use either POST or GET in their settings.
Maybe also include a way to automatically navigate to /accounts/logout/ in allauth, for example, and click the sign out button, which in my project is using POST to log out because the user physically clicks the logout button and this change gets POSTed to the server so that the server is on the same page as the client.
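A sketch of the POST-based timeout logout requested above, as an added example that is not part of the original post or of the project's code. The function names are hypothetical, and it assumes Django's default CSRF cookie (`csrftoken`) and header (`X-CSRFToken`) together with the `/accounts/logout/` URL mentioned in the post.

```javascript
// Added example with hypothetical helper names; not the project's code.
// Assumes Django defaults: CSRF cookie "csrftoken", header "X-CSRFToken",
// and that the cookie is readable by script (CSRF_COOKIE_HTTPONLY off).

// Extract one cookie value from a document.cookie-style string.
function getCookie(cookieString, name) {
  for (const part of (cookieString || "").split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Build the logout request: POST, same-origin credentials, CSRF header.
function buildLogoutRequest(cookieString, logoutUrl = "/accounts/logout/") {
  const token = getCookie(cookieString, "csrftoken");
  if (!token) {
    // Without a token Django's CSRF middleware rejects the POST with 403.
    // Fail closed here rather than silently falling back to GET.
    throw new Error("CSRF cookie missing; cannot POST logout");
  }
  return {
    url: logoutUrl,
    options: {
      method: "POST",
      credentials: "same-origin", // send the session cookie, same origin only
      headers: { "X-CSRFToken": token },
    },
  };
}

// Browser only: call this when the inactivity timer expires.
async function logoutOnTimeout() {
  const { url, options } = buildLogoutRequest(document.cookie);
  const response = await fetch(url, options); // follows the logout redirect
  if (!response.ok) {
    throw new Error("Logout POST failed with status " + response.status);
  }
  // Navigate only after the server has confirmed the session is gone,
  // so client and server agree on the logged-out state.
  window.location.assign(response.url);
}
```

Because the request carries a CSRF token, a cross-site link or image tag cannot trigger the logout, which a plain GET endpoint would allow.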