Merge pull request #4139 from jumpserver/dev_session

[Update] UserProfileAPI 判断是否设置session过期时间，解决前端关闭浏览器session未失效的问题
2025-06-23 21:47:27 +00:00 · 2020-06-24 16:14:36 +08:00 · 2020-06-24 16:14:36 +08:00 · d7e432a851
commit d7e432a851
parent 923f0ed477 c0a153d13a
1 changed files with 4 additions and 2 deletions
--- a/apps/users/api/profile.py
+++ b/apps/users/api/profile.py
@ -3,6 +3,7 @@ import uuid

 from rest_framework import generics
 from rest_framework.permissions import IsAuthenticated
+from django.conf import settings

 from common.permissions import (
    IsCurrentUserOrReadOnly
@ -64,6 +65,7 @@ class UserProfileApi(generics.RetrieveUpdateAPIView):
        return self.request.user

    def retrieve(self, request, *args, **kwargs):
+        if not settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
            age = request.session.get_expiry_age()
            request.session.set_expiry(age)
        return super().retrieve(request, *args, **kwargs)