add session timeout middleware

django_auth_ldap_remoteuser/middleware.py

+# Based on https://github.com/labd/django-session-timeout
+# Copyright (c) 2017 Michael van Tellingen
+
+import time
+
+from django.conf import settings
+from django.contrib.auth.views import redirect_to_login
+from django.shortcuts import redirect
+
+try:
+	from django.utils.deprecation import MiddlewareMixin
+except ImportError:
+	MiddlewareMixin = object
+
+
+SESSION_TIMEOUT_KEY = "_session_init_timestamp_"
+
+
+class SessionTimeoutMiddleware(MiddlewareMixin):
+	def process_request(self, request):
+		if not hasattr(request, "session") or request.session.is_empty():
+			return
+
+		init_time = request.session.setdefault(SESSION_TIMEOUT_KEY, time.time())
+
+		expire_seconds = getattr(
+			settings, "SESSION_EXPIRE_SECONDS", settings.SESSION_COOKIE_AGE
+		)
+
+		session_is_expired = time.time() - init_time > expire_seconds
+
+		if session_is_expired:
+			request.session.flush()
+			redirect_url = getattr(settings, "SESSION_TIMEOUT_REDIRECT", None)
+			if redirect_url:
+				return redirect(redirect_url)
+			else:
+				return redirect_to_login(next=request.path)
+
+		expire_since_last_activity = getattr(
+			settings, "SESSION_EXPIRE_AFTER_LAST_ACTIVITY", False
+		)
+		grace_period = getattr(
+			settings, "SESSION_EXPIRE_AFTER_LAST_ACTIVITY_GRACE_PERIOD", 1
+		)
+
+		if expire_since_last_activity and time.time() - init_time > grace_period:
+			request.session[SESSION_TIMEOUT_KEY] = time.time()

setup.py

 from setuptools import setup, find_packages
 
 setup(name='django_auth_ldap_remoteuser',
-	version='2.0',
+	version='3.0',
 	description='Combine the RemoteUser and django-auth-ldap backends for django',
 	url='https://git.cccv.de/infra/uffd/django-auth-ldap-remoteuser',
 	author='Andreas Valder',