Auto logout a user after specific time in Django.
Works with
- Python🐍 ≥ 3.7,
- Django🌐 ≥ 3.0.
Documentation
- How to install
- User logout in case of:
- Auto-reload the browser page when the time runs out
- Add a message to inform the user about logging out
pip install django-auto-logoutAppend to settings.py middlewares:
MIDDLEWARE = [
# append after default middlewares
'django_auto_logout.middleware.auto_logout',
]NOTE
Make sure that the following middlewares are used before doing this:
django.contrib.sessions.middleware.SessionMiddlewaredjango.contrib.auth.middleware.AuthenticationMiddlewaredjango.contrib.messages.middleware.MessageMiddleware
Logout a user if there are no requests for a long time.
Add to settings.py:
AUTO_LOGOUT = {'IDLE_TIME': 600} # logout after 10 minutes of downtimeor the same, but with datetime.timedelta (more semantically):
from datetime import timedelta
AUTO_LOGOUT = {'IDLE_TIME': timedelta(minutes=10)}The user will log out the next time the page is requested.
See REDIRECT_TO_LOGIN_IMMEDIATELY to log out right after the idle-time has expired
(and redirect to login page).
Use the REDIRECT_TO_LOGIN_IMMEDIATELY option
if you want to redirect the user to the login page
immediately after the idle-time expires:
from datetime import timedelta
AUTO_LOGOUT = {
'IDLE_TIME': timedelta(minutes=10),
'REDIRECT_TO_LOGIN_IMMEDIATELY': True,
}This requires a client-side script, so you should
modify your context_processors in settings.py:
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
'context_processors': [
'django.template.context_processors.debug',
'django.template.context_processors.request',
'django.contrib.auth.context_processors.auth',
'django.contrib.messages.context_processors.messages',
# ↓↓↓ Add this ↓↓↓
'django_auto_logout.context_processors.auto_logout_client',
],
},
},
]And add this to your templates (will add a redirect script to your html):
{{ redirect_to_login_immediately }}
If you want to use this in your JavaScript code, following template variables may be useful:
var sessionEnd = {{ seconds_until_session_end }};
var idleEnd = {{ seconds_until_idle_end }};
REDIRECT_TO_LOGIN_IMMEDIATELY works with SESSION_TIME too.
Logout a user after 3600 seconds (hour) from the last login.
Add to settings.py:
AUTO_LOGOUT = {'SESSION_TIME': 3600}or the same, but with datetime.timedelta (more semantically):
from datetime import timedelta
AUTO_LOGOUT = {'SESSION_TIME': timedelta(hours=1)}NOTE
See REDIRECT_TO_LOGIN_IMMEDIATELY option
if you want to redirect user to the login page
right after the idle-time has expired.
Set the message that will be displayed after the user automatically logs out of the system:
AUTO_LOGOUT = {
'SESSION_TIME': 3600,
'MESSAGE': 'The session has expired. Please login again to continue.',
}It uses django.contrib.messages. Don't forget to display messages in templates:
{% for message in messages %}
<div class="message {{ message.tags }}">
{{ message }}
</div>
{% endfor %}NOTE
messages template variable provides by django.contrib.messages.context_processors.messages
context processor.
See TEMPLATES → OPTIONS → context_processors in your settings.py file.
You can combine previous configurations. For example, you may want to logout a user in case of downtime (5 minutes or more) and not allow working within one session for more than half an hour:
from datetime import timedelta
AUTO_LOGOUT = {
'IDLE_TIME': timedelta(minutes=5),
'SESSION_TIME': timedelta(minutes=30),
'MESSAGE': 'The session has expired. Please login again to continue.',
'REDIRECT_TO_LOGIN_IMMEDIATELY': True,
}