Django Session Timeout

raw JSON →
0.1.0 verified Fri May 01 auth: no python

Middleware for Django that automatically expires user sessions after a configurable period of inactivity. Version 0.1.0 is the latest, with an unpredictable release cadence.

pip install django-session-timeout

Common errors

error AttributeError: module 'django_session_timeout' has no attribute 'SessionTimeoutMiddleware'
cause Incorrect import path: imported from the top-level package instead of the middleware module.
fix
Use: from django_session_timeout.middleware import SessionTimeoutMiddleware
error ImproperlyConfigured: The SECRET_KEY setting must not be empty.
cause User forgot to set Django's SECRET_KEY when using the middleware.
fix
Set a valid SECRET_KEY in your Django settings.
error KeyError: 'SESSION_EXPIRE_SECONDS'
cause The setting SESSION_EXPIRE_SECONDS is not defined in settings.py.
fix
Add SESSION_EXPIRE_SECONDS = <seconds> to your settings.

Warnings

breaking order of middleware matters: SessionTimeoutMiddleware must be placed after AuthenticationMiddleware and SessionMiddleware.
fix Ensure your MIDDLEWARE list has 'django_session_timeout.middleware.SessionTimeoutMiddleware' after 'django.contrib.sessions.middleware.SessionMiddleware' and 'django.contrib.auth.middleware.AuthenticationMiddleware'.
gotcha SESSION_EXPIRE_SECONDS is required, but no default is provided. If not set, all sessions may expire immediately or cause unexpected behavior.
fix Explicitly set SESSION_EXPIRE_SECONDS in your Django settings, e.g., SESSION_EXPIRE_SECONDS = 1800.
gotcha The middleware does not respect Django's SESSION_COOKIE_AGE; it uses its own setting SESSION_EXPIRE_SECONDS.
fix If you want consistent session timeout, set both SESSION_COOKIE_AGE and SESSION_EXPIRE_SECONDS to the same value.

Imports

Quickstart

Add SessionTimeoutMiddleware after AuthenticationMiddleware and set SESSION_EXPIRE_SECONDS in settings.

from django_session_timeout import SessionTimeoutMiddleware

MIDDLEWARE = [
    # ...
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django_session_timeout.middleware.SessionTimeoutMiddleware',
    # ...
]

# settings.py
SESSION_EXPIRE_SECONDS = 3600  # 1 hour
SESSION_TIMEOUT_REDIRECT = '/login/'  # optional, default '/accounts/login/'
last verified Fri May 01
next check Thu Jul 30