yourlabs · mattbo · Oct 24, 2014 · Apr 6, 2017 · Apr 6, 2017 · Apr 7, 2017
diff --git a/session_security/static/session_security/script.js b/session_security/static/session_security/script.js
@@ -15,6 +15,9 @@ if (window.yourlabs == undefined) window.yourlabs = {};
 //   onbeforeunload handler that doesn't block expire().
 // - events: a list of event types to watch for activity updates.
 // - returnToUrl: a url to redirect users to expired sessions to. If this is not defined we just reload the page
+// - noReload: If this is defined then we expire the session without reloading
+//      the page.  Useful if the page should stay visible but no further actions
+//      should be taken.
 yourlabs.SessionSecurity = function(options) {
     // **HTML element** that should show to warn the user that his session will
     // expire.
@@ -55,8 +58,7 @@ yourlabs.SessionSecurity.prototype = {
         this.expired = true;
         if (this.returnToUrl !== undefined) {
             window.location.href = this.returnToUrl;
-        }
-        else {
+        } else if (!this.noReload) {
             window.location.reload();
         }
     },

diff --git a/session_security/templates/session_security/all.html b/session_security/templates/session_security/all.html
@@ -29,7 +29,9 @@
                 pingUrl: '{% url 'session_security_ping' %}',
                 warnAfter: {{ request|warn_after|unlocalize }},
                 expireAfter: {{ request|expire_after|unlocalize }},
-                confirmFormDiscard: "{% trans 'You have unsaved changes in a form of this page.' %}"
+                confirmFormDiscard: "{% trans 'You have unsaved changes in a form of this page.' %}",
+                noReload: false  // If this is set the session is exprired but the current page remains visible
+
             });
         </script>
     {% endlocalize %}    

diff --git a/session_security/tests/test_script.py b/session_security/tests/test_script.py
@@ -55,3 +55,27 @@ def test_activity_prevents_warning(self):
             self.assert_visible('#session_security_warning')
         delta = datetime.datetime.now() - start
         self.assertGreaterEqual(delta.seconds, self.min_warn_after)
+
+    def test_no_reload(self):
+        locations = []
+        for win in self.sel.window_handles:
+            self.sel.switch_to_window(win)
+            # can we check the value of sessionSecurity.noReload here??
+            self.assertEqual(False, self.sel.execute_script(
+                'return sessionSecurity.noReload'))
+            locations.append(self.sel.current_url)
+            # Set the noReload variable
+            self.sel.execute_script('sessionSecurity.noReload = true')
+            self.assertEqual(True, self.sel.execute_script(
+                'return sessionSecurity.noReload'))
+
+        time.sleep(self.max_expire_after)
+
+        # Should still be at the same URL
+        for (idx, win) in enumerate(self.sel.window_handles):
+            self.sel.switch_to_window(win)
+            self.assertEqual(locations[idx], self.sel.current_url)
+
+            # Even if we hit a key
+            self.press_space()
+            self.assertEqual(locations[idx], self.sel.current_url)