perf: 优化用户session 会话过期

2025-09-15 23:08:20 +00:00 · 2024-01-31 17:17:34 +08:00
parent 279109c9a6
commit 8cb74976e1
13 changed files with 107 additions and 52 deletions
--- a/apps/authentication/forms.py
+++ b/apps/authentication/forms.py
@@ -18,7 +18,7 @@ class EncryptedField(forms.CharField):

 class UserLoginForm(forms.Form):
    days_auto_login = int(settings.SESSION_COOKIE_AGE / 3600 / 24)
-    disable_days_auto_login = settings.SESSION_EXPIRE_AT_BROWSER_CLOSE_FORCE \
+    disable_days_auto_login = settings.SESSION_EXPIRE_AT_BROWSER_CLOSE \
                              or days_auto_login < 1

    username = forms.CharField(
--- a/apps/authentication/middleware.py
+++ b/apps/authentication/middleware.py
@@ -142,23 +142,7 @@ class SessionCookieMiddleware(MiddlewareMixin):
            return response
        response.set_cookie(key, value)

-    @staticmethod
-    def set_cookie_session_expire(request, response):
-        if not request.session.get('auth_session_expiration_required'):
-            return
-        value = 'age'
-        if settings.SESSION_EXPIRE_AT_BROWSER_CLOSE_FORCE or \
-                not request.session.get('auto_login', False):
-            value = 'close'
-
-        age = request.session.get_expiry_age()
-        expire_timestamp = request.session.get_expiry_date().timestamp()
-        response.set_cookie('jms_session_expire_timestamp', expire_timestamp)
-        response.set_cookie('jms_session_expire', value, max_age=age)
-        request.session.pop('auth_session_expiration_required', None)
-
    def process_response(self, request, response: HttpResponse):
        self.set_cookie_session_prefix(request, response)
        self.set_cookie_public_key(request, response)
-        self.set_cookie_session_expire(request, response)
        return response
--- a/apps/authentication/signal_handlers.py
+++ b/apps/authentication/signal_handlers.py
@@ -37,9 +37,6 @@ def on_user_auth_login_success(sender, user, request, **kwargs):
            UserSession.objects.filter(key=session_key).delete()
        cache.set(lock_key, request.session.session_key, None)

-    # 标记登录，设置 cookie，前端可以控制刷新, Middleware 会拦截这个生成 cookie
-    request.session['auth_session_expiration_required'] = 1
-

@receiver(cas_user_authenticated)
 def on_cas_user_login_success(sender, request, user, **kwargs):