diff --git a/session_security/middleware.py b/session_security/middleware.py index e9b2a93..16a8b48 100644 --- a/session_security/middleware.py +++ b/session_security/middleware.py @@ -11,8 +11,10 @@ from datetime import datetime, timedelta +from django.contrib import messages from django.contrib.auth import logout from django.core.urlresolvers import reverse, resolve, Resolver404 +from django.views import defaults try: from django.utils.deprecation import MiddlewareMixin @@ -62,7 +64,11 @@ def process_request(self, request): delta = now - get_last_activity(request.session) expire_seconds = self.get_expire_seconds(request) if delta >= timedelta(seconds=expire_seconds): + request._messages._queued_messages = [] + messages.info(request, 'Your session has expired (%s). Please login again.' % delta) logout(request) + if request.is_ajax(): + return defaults.http.HttpResponseForbidden('403 Forbidden: %s' % msg, content_type='text/html') elif (request.path == reverse('session_security_ping') and 'idleFor' in request.GET): self.update_last_activity(request, now) diff --git a/session_security/static/session_security/script.js b/session_security/static/session_security/script.js index 48ab42c..e90c257 100644 --- a/session_security/static/session_security/script.js +++ b/session_security/static/session_security/script.js @@ -119,12 +119,15 @@ yourlabs.SessionSecurity.prototype = { this.apply(); }, + idleForSeconds: function() { return Math.floor((new Date() - this.lastActivity) / 1000); }, + isExpired: function() { return this.idleForSeconds >= this.expireAfter; }, + // Apply warning or expiry, setup next ping apply: function() { // Cancel timeout if any, since we're going to make our own clearTimeout(this.timeout); - var idleFor = Math.floor((new Date() - this.lastActivity) / 1000); + var idleFor = this.idleForSeconds(); if (idleFor >= this.expireAfter) { return this.expire();
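Review bot: The added `from django.views import defaults` appears to exist only so that the `process_request` hunk can write `defaults.http.HttpResponseForbidden`, which reaches the response class through a module that `django.views.defaults` imports for its own use rather than through a public name. That attribute path can stop resolving if the views module changes how it imports `django.http`, and the failure would land on the expired-session path. Import the class where it is defined instead, `from django.http import HttpResponseForbidden`, and drop the `defaults` import.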
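Review bot: `msg` is not assigned anywhere in the lines shown, so the new `if request.is_ajax():` branch would raise NameError and an expired AJAX request would get a 500 instead of the intended 403. The two lines added ahead of `logout(request)` can also raise: `request._messages` is a private attribute that exists only once the messages middleware has run, so a deployment without that middleware, or with it ordered later, fails before the session is logged out. I would call `logout(request)` first so that expiry is enforced regardless, build the text once, and add the message with `fail_silently=True`. Whether the queued-message reset is still wanted is a separate decision; if it is kept, it belongs behind a `getattr` guard. The body of `process_request` starts above the hunk, so an earlier `msg` binding cannot be ruled out from here.

```python
if delta >= timedelta(seconds=expire_seconds):
    # Enforce the expiry before anything that can raise.
    logout(request)
    msg = 'Your session has expired (%s). Please login again.' % delta
    messages.info(request, msg, fail_silently=True)
    if request.is_ajax():
        return defaults.http.HttpResponseForbidden('403 Forbidden: %s' % msg, content_type='text/html')
# … unchanged: elif branch handling the session_security_ping request …
```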
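Review bot: `isExpired` compares the function object rather than its result: `this.idleForSeconds >= this.expireAfter` is missing the call parentheses, so the function is coerced to NaN and the helper returns false no matter how long the page has been idle. It should read `isExpired: function() { return this.idleForSeconds() >= this.expireAfter; },`. Nothing in this hunk calls it yet (`apply` still tests `idleFor >= this.expireAfter` inline), so the bug is latent, but any later caller that trusts it would never see the expired state. `apply` continues below the hunk.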