On 7 June 2011 15:14, Derek <gamesb...@gmail.com> wrote: > On Jun 7, 3:39 pm, jayhalleaux <jay.halle...@gmail.com> wrote: > > i take that back. > > > > If I log in and then I close the tab, I can go back and still use the > > url to go to a login required page. > > close_tab != CLOSE_BROWSER > > (An interesting discussion on this type of problem: > > http://www.thewebsqueeze.com/forum/PHP-f11/Logout-On-Browser-Close-t5342.html > ) > > The fundamental problem is there is absolutely NO WAY for Django to know that the user has closed their browser/gone away/been abducted by aliens, and thus to know they should be logged out.
All else is just work-arounds for this fact: - Browsers will clear cookies with no expiry time set when the browser exits (maybe), so SESSION_EXPIRE_AT_BROWSER_ CLOSE uses such a cookie for the Django session cookie, so the browser might delete it on exit. - It's possible to add an inactivity timer on the server side, so that if the user isn't seen for a while the session is expired. How to do this is left as an exercise to the reader. HTH, Malcolm -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
