增加了管理员和超级管理员24小时不活动 session 自动过期的机制

2015-11-06 20:53:52 +08:00
parent 0ee76a57e0
commit aec6e00095
2 changed files with 26 additions and 1 deletions
--- a/account/middleware.py
+++ b/account/middleware.py
@@ -0,0 +1,24 @@
+# coding=utf-8
+import time
+import json
+import urllib
+from django.http import HttpResponseRedirect, HttpResponse
+from django.contrib import auth
+from utils.shortcuts import error_response, error_page
+from .models import ADMIN
+
+
+class SessionSecurityMiddleware(object):
+    def process_request(self, request):
+        if request.user.is_authenticated() and request.user.admin_type >= ADMIN:
+            if "last_activity" in request.session:
+                # 24个小时没有活动
+                if time.time() - request.session["last_activity"] >= 24 * 60 * 60:
+                    auth.logout(request)
+                    if request.is_ajax():
+                        return HttpResponse(json.dumps({"code": 1, "data": u"请先登录"}),
+                                            content_type="application/json")
+                    else:
+                        return HttpResponseRedirect("/login/?__from=" + urllib.quote(request.build_absolute_uri()))
+            # 更新最后活动日期
+            request.session["last_activity"] = time.time()
--- a/oj/settings.py
+++ b/oj/settings.py
@@ -71,7 +71,8 @@ MIDDLEWARE_CLASSES = (
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.security.SecurityMiddleware',
-    'admin.middleware.AdminRequiredMiddleware'
+    'admin.middleware.AdminRequiredMiddleware',
+    'account.middleware.SessionSecurityMiddleware'
 )

 ROOT_URLCONF = 'oj.urls'