From c5d5ef6c8789ee750981ee855d8c836d4a451c02 Mon Sep 17 00:00:00 2001
From: Vladyslav Ovchynnykov <ovd4mail@gmail.com>
Date: Thu, 21 Dec 2017 18:15:12 +0200
Subject: [PATCH] Added setting to add a message after logout

---
 session_security/middleware.py | 5 ++++-
 session_security/settings.py   | 7 +++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/session_security/middleware.py b/session_security/middleware.py
index e9b2a93..ed7fc1f 100644
--- a/session_security/middleware.py
+++ b/session_security/middleware.py
@@ -11,6 +11,7 @@
 
 from datetime import datetime, timedelta
 
+from django.contrib import messages
 from django.contrib.auth import logout
 from django.core.urlresolvers import reverse, resolve, Resolver404
 
@@ -21,7 +22,7 @@
     MiddlewareMixin = object
 
 from .utils import get_last_activity, set_last_activity
-from .settings import EXPIRE_AFTER, PASSIVE_URLS, PASSIVE_URL_NAMES
+from .settings import EXPIRE_AFTER, PASSIVE_URLS, PASSIVE_URL_NAMES, LOGOUT_MESSAGE
 
 
 class SessionSecurityMiddleware(MiddlewareMixin):
@@ -62,6 +63,8 @@ def process_request(self, request):
         delta = now - get_last_activity(request.session)
         expire_seconds = self.get_expire_seconds(request)
         if delta >= timedelta(seconds=expire_seconds):
+            if LOGOUT_MESSAGE:
+                messages.add_message(request, messages.WARNING, LOGOUT_MESSAGE)
             logout(request)
         elif (request.path == reverse('session_security_ping') and
                 'idleFor' in request.GET):
diff --git a/session_security/settings.py b/session_security/settings.py
index 8e15e66..b51c9ca 100644
--- a/session_security/settings.py
+++ b/session_security/settings.py
@@ -22,6 +22,11 @@
     thus cannot be described statically. NOTE: currently namespaces are not
     handled. Overridable in ``settings.SESSION_SECURITY_PASSIVE_URL_NAMES``.
 
+LOGOUT_MESSAGE
+    Message that will be shown after user has been logged out. Works using Django
+    messages framework. Default is ``None``, so no message will be added to the
+    request. Overridable in ``settings.SESSION_SECURITY_LOGOUT_MESSAGE``.
+
 SESSION_SECURITY_INSECURE
     Set this to True in your settings if you want the project to run without
     having to set SESSION_EXPIRE_AT_BROWSER_CLOSE=True, which you should
@@ -40,6 +45,8 @@
 
 PASSIVE_URL_NAMES = getattr(settings, 'SESSION_SECURITY_PASSIVE_URL_NAMES', [])
 
+LOGOUT_MESSAGE = getattr(settings, 'SESSION_SECURITY_LOGOUT_MESSAGE', None)
+
 expire_at_browser_close = getattr(
     settings,
     'SESSION_EXPIRE_AT_BROWSER_CLOSE',