=============
Django Expire
=============

A Django application which provides authentication-based session expiration.


To install this application into your project, first add it to your
``INSTALLED_APPS`` setting (and run ``manage.py syncdb``)::

    INSTALLED_APPS = (
        ...
        'django_expire',
    )

Next, add the expiration middleware to your ``MIDDLEWARE_CLASSES`` setting,
placing it after both the ``session`` and ``auth`` middleware.::

    MIDDLEWARE_CLASSES = (
        ...
        'django_expire.middleware.ExpireMiddleware',
    )


What it does
============

For every request by an authenticated user, a check is run to ensure the number
of other sessions also belonging to the user does not exceed the allowed
maximum.

This maximum defaults to ``1``, but you can provide a ``EXPIRE_MAX_USERS``
setting to override this default (a setting of ``0`` allows an unlimited
amount of users per session).

If a user has exceeded the number of sessions they are allowed, the excessive
sessions are removed (effectively logging the user out of these now invalidated
sessions).


Changing expiration settings per user
=====================================

The ``django_expire.signals.expire_check`` allows you to change the
expiration settings at a per-user level.

The signal is sent before any tests are run, along with a settings dictionary
containing a single ``max_users`` key. Signal handlers may change the value
of the dictionary to alter the settings for this user.

An example handler (which is not automatically connected) can be found in
``django_expire.signals.superuser_handler`` which demonstrates allowing
superusers an unlimited number of sessions.
