# middleware.py

from django.conf import settings
from django.utils import timezone
from django.contrib.auth import logout

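class SessionTimeoutMiddleware:
    """Log out authenticated users whose session has been idle too long.

    The idle limit is ``settings.SESSION_COOKIE_AGE`` (seconds). The time of
    the last authenticated request is kept in the session under
    ``_session_last_activity`` and refreshed on every request that is still
    within the limit.

    Reads ``request.user`` and ``request.session``, so it has to run after
    the middleware that populates them.
    """

    _LAST_ACTIVITY_KEY = '_session_last_activity'

    def __init__(self, get_response):
        """Store the next handler in the middleware chain."""
        self.get_response = get_response

    @staticmethod
    def _idle_seconds(now, last_activity):
        """Return the seconds elapsed between *last_activity* and *now*."""
        if isinstance(last_activity, (int, float)):
            # Current format: POSIX timestamp written by __call__.
            return now.timestamp() - last_activity
        try:
            # Legacy format: a datetime stored by an earlier version of this
            # middleware (only possible with a pickle-based serializer).
            # total_seconds() counts whole days too; .seconds alone wraps at
            # 86400, so a timeout of a day or more could never be reached.
            return (now - last_activity).total_seconds()
        except TypeError:
            # Unrecognised marker: fail closed so a corrupt value cannot
            # keep a session alive indefinitely.
            return float('inf')

    def __call__(self, request):
        """Enforce the idle timeout, then pass the request down the chain."""
        if request.user.is_authenticated:
            now = timezone.now()
            last_activity = request.session.get(self._LAST_ACTIVITY_KEY)
            if (
                last_activity is not None
                and self._idle_seconds(now, last_activity) >= settings.SESSION_COOKIE_AGE
            ):
                # Idle limit exceeded: end the session; the request then
                # continues without an authenticated user.
                logout(request)
            else:
                # Stored as a float because the JSON session serializer
                # cannot encode datetime objects.
                request.session[self._LAST_ACTIVITY_KEY] = now.timestamp()

        return self.get_response(request)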
