Source code for intranet.middleware.session_management
import time
from django.contrib.auth import logout
from ..apps.sessionmgmt.models import TrustedSession
[docs]class SessionManagementMiddleware:
"""
Handles session management.
"""
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
if request.user is not None and request.user.is_authenticated:
if isinstance(request.session.get("login_time", None), float):
if (
request.user.last_global_logout_time is not None
and request.session["login_time"] < request.user.last_global_logout_time.timestamp()
):
# This is how global logouts work for non-trusted sessions. We automatically log the user out if the user's most recent global
# logout happened since the time they logged in (in this session).
logout(request)
time_since_login = time.time() - request.session["login_time"]
if time_since_login >= 30 * 24 * 60 * 60:
# Force logout after 30 days, even for trusted sessions
TrustedSession.objects.filter(user=request.user, session_key=request.session.session_key).delete()
logout(request)
else:
if request.user.last_global_logout_time is not None:
# If the user has performed a global logout, all of their sessions must have a login_time set
logout(request)
else:
# Otherwise, having a value is more important than it being 100% accurate
request.session["login_time"] = time.time()
return self.get_response(request)