Merge pull request #4139 from jumpserver/dev_session

[Update] UserProfileAPI 判断是否设置session过期时间，解决前端关闭浏览器session未失效的问题
2020-06-24 16:14:36 +08:00 · 2020-06-24 16:14:36 +08:00 · d7e432a851
parent 923f0ed477 c0a153d13a
commit d7e432a851
1 changed files with 4 additions and 2 deletions
--- a/apps/users/api/profile.py
+++ b/apps/users/api/profile.py
@ -3,6 +3,7 @@ import uuid

 from rest_framework import generics
 from rest_framework.permissions import IsAuthenticated
+from django.conf import settings

 from common.permissions import (
    IsCurrentUserOrReadOnly
@ -64,8 +65,9 @@ class UserProfileApi(generics.RetrieveUpdateAPIView):
        return self.request.user

    def retrieve(self, request, *args, **kwargs):
-        age = request.session.get_expiry_age()
-        request.session.set_expiry(age)
+        if not settings.SESSION_EXPIRE_AT_BROWSER_CLOSE:
+            age = request.session.get_expiry_age()
+            request.session.set_expiry(age)
        return super().retrieve(request, *args, **kwargs)