SessionSecurityMiddleware Client Activity Keep-Alive #51
Comments
|
Interesting. We built our own little keep alive thing for our own application. I don't know if a better solution is to make django-session-security a dependency of django-security and just expose that. (Seems weird to just grab all of their code.) |
|
I ended up trading emails with James (author of DSS) to discuss a vulnerability. In that same private email chain, I mentioned this project and he said:
So the second option is already 100% approved. I'm a fan of a combined project so a single base of users/developers can ticket, fix, and release the combined codebase without needing commit access to both (thought I suspect James would facilitate that option as well). |
|
Ah cool. It's a bit hectic here, but i'll see if we can have someone take a look at this. |
I really like the all-in-one convenience of django-security, but the SessionSecurityMiddleware implementation lacks the client-side keep-alive available in django-session-security. The keep-alive is important to us because our product is used to guide a conversation with a customer so our users are often "active" on a page without server-side interaction.
Any interest adding a keep-alive feature to django-security? If so, what approach would you prefer? The licenses look compatible so it seems like any of the following would work:
The text was updated successfully, but these errors were encountered: