2👍
It seems that it’s just because your settings parameter name is missing the ending ‘s’. It should be ‘SESSION_SECURITY_PASSIVE_URLS‘ instead of ‘SESSION_SECURITY_PASSIVE_URL’ in your case. Consider the source code here.
Other than that I believe you can safely remove redundant elements from the SESSION_SECURITY_PASSIVE_URLS list and leave just the ‘/core/notice/check/’ entry there. Again, as we can see from the source code the decision of whether request ‘is passive’ is made by checking the request.path against the list of values from the settings.
0👍
Can’t comment, thus attempting to answer here. Have you added {% include 'session_security/all.html' %} to your (base) template? Also do you have added session_security URLs in appropriate urls.py file?
- [Answered ]-What do you think about my Django model structure?
- [Answered ]-A way to save the generated HTML from Django Views?
- [Answered ]-Django Custom User Model
- [Answered ]-DB not updating with django form
- [Answered ]-Django pre_save signals work when Model is saved but not ModelForm?
0👍
SESSION_SECURITY_PASSIVE_URLS allows you to add static urls. However, most urls in Django are anything but static. How would you add dynamic urls to this list to bypass session update. For example in url /category/1/product/5/, 1 and 5 are dynamic ids but I would like to skip any url that matches the pattern
'/category/(?P<cat_id>[\d]+)/product/(?P<product_id>[\d]+)/'
- [Answered ]-Django: side menu template visible everywhere
- [Answered ]-Django loop over modelchoicefield queryset
- [Answered ]-Using a dictionary (or other structure) key in a variable name
0👍
This is unlikely, but if you are using django-ajax middleware AJAXMiddleware, it conflicts with session_security mechanism, and either the session expiry notification might not appear or session expiration might not work altogether. I had to remove AJAXMiddleware to make session_security work again.