Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature request: no reload #94

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 8 additions & 2 deletions session_security/static/session_security/script.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,13 @@ if (window.yourlabs == undefined) window.yourlabs = {};
// onbeforeunload handler that doesn't block expire().
// - events: a list of event types to watch for activity updates.
// - returnToUrl: a url to redirect users to expired sessions to. If this is not defined we just reload the page
// - noReload: If this is defined then we expire the session without reloading
// the page. Useful if a page requires a lot of navigation or
// interaction to get to and jumping to a login page would make it
// difficult to recreate the state. SECURITY WARNING: this option is
// inherently less secure than reloading the page. Any sensitive
// information will remain visible and could potentially be copied / pasted
// after expiration.
yourlabs.SessionSecurity = function(options) {
// **HTML element** that should show to warn the user that his session will
// expire.
Expand Down Expand Up @@ -55,8 +62,7 @@ yourlabs.SessionSecurity.prototype = {
this.expired = true;
if (this.returnToUrl !== undefined) {
window.location.href = this.returnToUrl;
}
else {
} else if (!this.noReload) {
window.location.reload();
}
},
Expand Down
4 changes: 3 additions & 1 deletion session_security/templates/session_security/all.html
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,9 @@
pingUrl: '{% url 'session_security_ping' %}',
warnAfter: {{ request|warn_after|unlocalize }},
expireAfter: {{ request|expire_after|unlocalize }},
confirmFormDiscard: "{% trans 'You have unsaved changes in a form of this page.' %}"
confirmFormDiscard: "{% trans 'You have unsaved changes in a form of this page.' %}",
noReload: false // If this is set the session is exprired but the current page remains visible

});
</script>
{% endlocalize %}
Expand Down
24 changes: 24 additions & 0 deletions session_security/tests/test_script.py
Original file line number Diff line number Diff line change
Expand Up @@ -55,3 +55,27 @@ def test_activity_prevents_warning(self):
self.assert_visible('#session_security_warning')
delta = datetime.datetime.now() - start
self.assertGreaterEqual(delta.seconds, self.min_warn_after)

def test_no_reload(self):
locations = []
for win in self.sel.window_handles:
self.sel.switch_to_window(win)
# can we check the value of sessionSecurity.noReload here??
self.assertEqual(False, self.sel.execute_script(
'return sessionSecurity.noReload'))
locations.append(self.sel.current_url)
# Set the noReload variable
self.sel.execute_script('sessionSecurity.noReload = true')
self.assertEqual(True, self.sel.execute_script(
'return sessionSecurity.noReload'))

time.sleep(self.max_expire_after)

# Should still be at the same URL
for (idx, win) in enumerate(self.sel.window_handles):
self.sel.switch_to_window(win)
self.assertEqual(locations[idx], self.sel.current_url)

# Even if we hit a key
self.press_space()
self.assertEqual(locations[idx], self.sel.current_url)