更改 Django 管理员不活动超时
如何增加 Django 管理员的不活动超时时间?默认值似乎非常短,并且仅几分钟后就出现超时,这非常烦人。请注意,我知道 SESSION_COOKIE_AGE ,但我不希望此更改影响公共站点的超时。
How do you increase the inactivity timeout for Django's admin? The default seems incredibly short, and appears to timeout after only a couple minutes, which is very annoying. Note, I'm aware of SESSION_COOKIE_AGE, but I don't want to this change to effect the timeout for the public site.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
所以,有两个可能的原因。第一个是您在会话到期之前丢失会话。 SESSION_COOKIE_AGE 默认为 2 周。如果您的会话持续时间没有那么长,请检查以确保您的后端未使用缓存或缓存未满(从而在会话结束之前将其淘汰)。
您可以使用 settings.SESSION_SAVE_EVERY_REQUEST 强制在每次请求时刷新会话,但这在繁忙的站点上可能会出现性能问题。
另一种可能性是您故意将 SESSION_COOKIE_AGE 设置为较小的值,但您现在希望管理 cookie 持续更长时间。没有办法将管理会话超时与正常用户超时分开,至少是开箱即用的。
您还可以编写一个中间件,将用户从请求中拉出,检查 user.is_staff,如果是,则调用 request.session.set_expiry() 手动推迟过期时间。
So, there are two possible causes. The first is that you're losing sessions before their expiration time. SESSION_COOKIE_AGE defaults to 2 weeks. If your session isn't lasting that long, check to make sure your backend isn't using a cache or that the cache is not full (and thus bumping out sessions before their time).
You can force the session to be refreshed on every request by using settings.SESSION_SAVE_EVERY_REQUEST, but this may have performance issues on a busy site.
The other possibility is that you've set SESSION_COOKIE_AGE to something small on purpose but you now want the admin cookies to last longer. There's no way to separate admin session timeouts from normal user timeouts, at least out of the box.
You could also write a middleware that pulls the user out of the request, checks user.is_staff and if so, call request.session.set_expiry() to manually push the expiration time out.
完成不同会话超时设置的一种可能方法是运行站点的两个实例。一个只能由您访问的网站(例如在 localhost:8080 上运行),其中管理页面可用并且具有特定的 admin_settings.py 文件,并且您的常规网站是公开可用的。
根据您的服务器设置,这可以使用 Apache 和 VirtualHosts 轻松完成(我不会详细介绍这一点,因为您可能有不同的设置)。
然后,您可以使用 SSH 隧道访问在服务器的本地主机上运行的管理站点。
如果您确实不希望管理站点始终运行,则另一种选择是使用 manage.py runserver 运行站点的实例,并为其传递管理设置(因为理想情况下只有您才能访问此站点) ,runserver 应该能够处理流量):
然后通过 SSH 隧道访问它。如果您想使用此方法避免 SSH 隧道,那么您可以考虑公开运行它,但通过 stunnel 进行概述 此处
One possible way to accomplish different session timeout settings is to run two instances of your site. One that is only accessible to you (running on localhost:8080 for example) where the admin page is available and has a specific admin_settings.py file for it, and your regular site that is publicly available.
Depending on your server set up this is done easily with Apache and VirtualHosts (I won't go into details about that since you might have a different set up).
Then you can use SSH tunnels to access the admin site running on the localhost of your server.
Another option, if you really don't want your admin site running all the time, is use the manage.py runserver to run an instance of your site, and pass in your admin settings for it (since ideally only you would be accessing this, runserver should be able to handle the traffic):
Then access it through an SSH tunnel. If you want to avoid SSH tunnels with this method then you can look into running it publicly, but through stunnel as outlined here