{"id":23600,"library":"django-session-security","title":"django-session-security","description":"Provides client- and server-side session timeout enforcement with configurable warnings. v2.6.8 requires Python >=3.10 and Django >=3.2. Maintenance branch with infrequent releases.","status":"maintenance","version":"2.6.8","language":"python","source_language":"en","source_url":"https://github.com/yourlabs/django-session-security","tags":["django","session","security","timeout","middleware"],"install":[{"cmd":"pip install django-session-security","lang":"bash","label":"PyPI install"}],"dependencies":[{"reason":"Required, version >=3.2","package":"Django","optional":false}],"imports":[{"note":"Middleware is in the middleware submodule, not the package root.","wrong":"from session_security import SessionSecurityMiddleware","symbol":"SessionSecurityMiddleware","correct":"from session_security.middleware import SessionSecurityMiddleware"},{"note":"","wrong":"","symbol":"SessionSecurityMixin","correct":"from session_security.views import SessionSecurityMixin"}],"quickstart":{"code":"INSTALLED_APPS = [\n    ...\n    'session_security',\n]\n\nMIDDLEWARE = [\n    'session_security.middleware.SessionSecurityMiddleware',\n    ...\n]\n\n# Optional settings\nSESSION_SECURITY_EXPIRE_AFTER = 600  # seconds\nSESSION_SECURITY_WARN_AFTER = 540    # seconds\nSESSION_SECURITY_PASSIVE_URLS = []","lang":"python","description":"Add app and middleware to settings. Run manage.py migrate if using the model backend."},"warnings":[{"fix":"Use `SESSION_SECURITY_EXPIRE_AFTER` instead of legacy setting.","message":"Removed support for the legacy `SESSION_EXPIRE_AT_BROWSER_CLOSE` setting. Session expiry is now controlled solely by `SESSION_SECURITY_EXPIRE_AFTER`.","severity":"breaking","affected_versions":">=2.6.0"},{"fix":"Use mixin-based approach: `from session_security.views import SessionSecurityMixin`.","message":"The `session_security.decorators` module (e.g., `@session_security_disabled`) is deprecated and will be removed in v3.0.","severity":"deprecated","affected_versions":">=2.6.0"},{"fix":"Ensure `SessionSecurityMiddleware` is placed after `AuthenticationMiddleware` and before `SessionMiddleware`.","message":"If using Django's `SILENCED_SYSTEM_CHECKS`, adding `'session_security.W001'` will suppress the middleware position check — but doing so without proper middleware order will cause session expiry to not trigger.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Add `SESSION_SECURITY_EXPIRE_AFTER = 600` (or another integer) in settings.","cause":"The setting is missing or set to a non-int value.","error":"django.core.exceptions.ImproperlyConfigured: The SESSION_SECURITY_EXPIRE_AFTER setting must be an integer."},{"fix":"Use `from session_security.middleware import SessionSecurityMiddleware`.","cause":"Wrong import path.","error":"ImportError: cannot import name 'SessionSecurityMiddleware' from 'session_security'"},{"fix":"Add `'session_security.middleware.SessionSecurityMiddleware'` after `AuthenticationMiddleware` and before `SessionMiddleware`.","cause":"Middleware is missing or in wrong order.","error":"django.core.checks.W001: session_security.SessionSecurityMiddleware not found in MIDDLEWARE in the correct position."}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}