From dc7668177a2ef638d9a86e7f6c7f62b075b9592c Mon Sep 17 00:00:00 2001
From: Matthias Runge
Date: Thu, 20 Jun 2013 12:52:37 +0200
Subject: [PATCH] Implement Browser session timeout

By default, Horizon just uses session, which expire, when the browser is closed. This implements additionally a session timeout.

Change-Id: I140ee2ee37e092036a66d890d920423dfc493fba
Fixes: bug 1118441
---
 horizon/middleware.py | 16 ++++++++++++++++
 openstack_dashboard/settings.py | 1 +
 2 files changed, 17 insertions(+)
diff --git a/horizon/middleware.py b/horizon/middleware.py
index 645a1ea0f..2dde4e4d7 100644
--- a/horizon/middleware.py
+++ b/horizon/middleware.py
@@ -21,6 +21,7 @@
 Middleware provided and used by Horizon.
 """
+import datetime
 import json
 import logging
@@ -29,6 +30,7 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.views import redirect_to_login
 from django.contrib import messages as django_messages
 from django import http
+from django.http import HttpResponseRedirect
 from django import shortcuts
 from django.utils.encoding import iri_to_uri
 from django.utils import timezone
@@ -49,6 +51,20 @@ class HorizonMiddleware(object):
 if tz:
 timezone.activate(tz)
+ # Check for session timeout
+ timeout = 1800
+ try:
+ timeout = settings.SESSION_TIMEOUT
+ except AttributeError:
+ pass
+
+ last_activity = request.session.get('last_activity', None)
+ timestamp = datetime.datetime.now()
+ if last_activity and (timestamp - last_activity).seconds > timeout:
+ request.session.pop('last_activity')
+ return HttpResponseRedirect(settings.LOGOUT_URL)
+ request.session['last_activity'] = timestamp
+
 request.horizon = {'dashboard': None,
 'panel': None,
 'async_messages': []}
diff --git a/openstack_dashboard/settings.py b/openstack_dashboard/settings.py
index 254f0ce7e..9613f5892 100644
--- a/openstack_dashboard/settings.py
+++ b/openstack_dashboard/settings.py
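Review bot: In the third hunk of horizon/middleware.py the idle check compares `(timestamp - last_activity).seconds`, which is only the seconds component of the timedelta (0–86399) and ignores whole days, so a session idle for slightly more than 24 hours is treated as fresh; compare `(timestamp - last_activity).total_seconds() > timeout` instead (or `delta.days * 86400 + delta.seconds` if the interpreter lacks `total_seconds()`). The timeout branch only pops `last_activity` and redirects to `settings.LOGOUT_URL`, so the authentication data stays in the session and a request that never reaches the logout view simply gets a new `last_activity`; ending the session in the middleware itself, e.g. `request.session.flush()` before the redirect, makes the expiry independent of the redirect being followed. The try/except around `settings.SESSION_TIMEOUT` can be written as `timeout = getattr(settings, 'SESSION_TIMEOUT', 1800)`. The enclosing method starts and ends outside the hunk, so whether the check should be limited to authenticated requests cannot be judged from here.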
@@ -150,6 +150,7 @@ SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
 SESSION_COOKIE_HTTPONLY = True
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_SECURE = False
+SESSION_TIMEOUT = 1800
 gettext_noop = lambda s: s
 LANGUAGES = (
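Review bot: `SESSION_TIMEOUT = 1800` is added without a comment giving its unit or meaning; a line such as `# Idle timeout in seconds, checked on every request by HorizonMiddleware.` above it would tell operators what they are tuning. Because `SESSION_ENGINE` in this file is the signed-cookie backend, the `last_activity` value is carried in the client's cookie rather than held server-side, so the timeout presumably cannot invalidate an earlier copy of the cookie that is still inside its window; that limit is worth stating next to the setting. The same 1800 default is also hard-coded in the middleware hunk, so the two values can drift apart.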