SessionSecurityMiddleware Client Activity Keep-Alive

[claytondaley]

I really like the all-in-one convenience of django-security, but the SessionSecurityMiddleware implementation lacks the client-side keep-alive available in django-session-security. The keep-alive is important to us because our product is used to guide a conversation with a customer so our users are often "active" on a page without server-side interaction.

Any interest adding a keep-alive feature to django-security? If so, what approach would you prefer? The licenses look compatible so it seems like any of the following would work:

• Replace SessionSecurityMiddleware with the django-session-security implementation
• Port the JS code to SessionSecurityMiddleware
• Include both in django-security

[funkaoshi]

Interesting. We built our own little keep alive thing for our own application. I don't know if a better solution is to make django-session-security a dependency of django-security and just expose that. (Seems weird to just grab all of their code.)

[claytondaley]

I ended up trading emails with James (author of DSS) to discuss a vulnerability. In that same private email chain, I mentioned this project and he said:

If someone contributed the client side script to django-security it would be great !

So the second option is already 100% approved. I'm a fan of a combined project so a single base of users/developers can ticket, fix, and release the combined codebase without needing commit access to both (thought I suspect James would facilitate that option as well).

[funkaoshi]

Ah cool. It's a bit hectic here, but i'll see if we can have someone take a look at this.