stop various async background requests from bumping the session expiry

if a user has an active session that just sits on the dashboard or job list, websocket messages that come in (for e.g., job status changes) will trigger AJAX requests for more data; this process causes a user with an idle login to continue to generate API requests, which in turn ticks their expiry timer. As a result, users with active sessions sitting on these two (popular) pages will never be automatically logged out via SESSION_MAX_AGE. this change introduces a special header that the UI can use to signify that a request shouldn't bump the expiry timer
2026-03-23 20:05:03 -02:30 · 2018-11-15 11:45:11 -05:00
parent 2758a38485
commit c2660af60d
6 changed files with 10 additions and 5 deletions
--- a/awx/main/middleware.py
+++ b/awx/main/middleware.py
@@ -126,8 +126,9 @@ class SessionTimeoutMiddleware(object):
    """

    def process_response(self, request, response):
+        should_skip = 'HTTP_X_WS_SESSION_QUIET' in request.META
        req_session = getattr(request, 'session', None)
-        if req_session and not req_session.is_empty():
+        if req_session and not req_session.is_empty() and should_skip is False:
            expiry = int(settings.SESSION_COOKIE_AGE)
            request.session.set_expiry(expiry)
            response['Session-Timeout'] = expiry