Merge "Implement Browser session timeout"

horizon/middleware.py

@@ -21,6 +21,7 @@
 Middleware provided and used by Horizon.
 """
 
+import datetime
 import json
 import logging
 
@@ -29,6 +30,7 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.views import redirect_to_login
 from django.contrib import messages as django_messages
 from django import http
+from django.http import HttpResponseRedirect
 from django import shortcuts
 from django.utils.encoding import iri_to_uri
 from django.utils import timezone
@@ -49,6 +51,20 @@ class HorizonMiddleware(object):
         if tz:
             timezone.activate(tz)
 
+        # Check for session timeout
+        timeout = 1800
+        try:
+            timeout = settings.SESSION_TIMEOUT
+        except AttributeError:
+            pass
+
+        last_activity = request.session.get('last_activity', None)
+        timestamp = datetime.datetime.now()
+        if last_activity and (timestamp - last_activity).seconds > timeout:
+            request.session.pop('last_activity')
+            return HttpResponseRedirect(settings.LOGOUT_URL)
+        request.session['last_activity'] = timestamp
+
         request.horizon = {'dashboard': None,
                            'panel': None,
                            'async_messages': []}

openstack_dashboard/settings.py

@@ -150,6 +150,7 @@ SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
 SESSION_COOKIE_HTTPONLY = True
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True
 SESSION_COOKIE_SECURE = False
+SESSION_TIMEOUT = 1800
 
 gettext_noop = lambda s: s
 LANGUAGES = (