yourlabs / django-session-security

A little JavaScript and middleware work together to ensure that the user was active during the past X minutes in any tab he has open. Otherwise, display a warning leaving a couple of minutes to show any kind of activity like moving the mouse. Otherwise, log out the user.
http://django-session-security.rtfd.org
MIT License

Inconsistent timeout #67

Open hmcelroy opened 8 years ago

hmcelroy commented 8 years ago

We have been using django-session-security for about 2 years in our application, but its effectiveness has been spotty. Sometimes the culprit is a clear interference from another piece of middleware or another change in our application - but currently our experience is that it works "sometimes". It will work for one user one time, then fail the next.

If I remove the warn/expire settings our application consistently expires the session cookie per the session cookie timeout setting.

Are there any common interfering factors that you can recommend looking into?

jpic commented 8 years ago

In this kind of case I would recommend: